| |
| |
|
|
|
|
| |
|
| |
|
| :: |
| Author |
Message |
tweety
PR0
Joined: 24 Jan 2007
Posts: 94
|
 Posted: Mon Jul 16, 2007 12:49 pm Post subject: Attempt to redirect to a potentially insecure URL |
|
|
I have identified a error with phpbb_seo_class.php and some returning urls
i am testing a return url from a shop linked to a site. once customer has purchased there is a return to site link.
this returns to site url and says thank you for buying. it was all working and still does except that now this comes up
| Code: | General Error
Attempt to redirect to a potentially insecure URL; access denied
|
i find this code in phpbb_seo_class.php
i must correct this as it looks bad, please help how i change code, i am not expert with php |
|
|
| Back to top |
|
 |
|
|
SeO
Administrateur - Site Admin
Joined: 15 Mar 2006
Posts: 3477
|
| Posted: Wed Jul 18, 2007 8:46 am Post subject: Re: Attempt to redirect to a potentially insecure URL |
|
|
Well, the warning is here for something, you really should not redirection an insecure way.
The message shows up either because there is a "\n", "\r" (new line) or a ";url" in the url sent to the seo_redirect method.
Now this being said, I do not really see how this method could be used in the case you mention. The same checks are being performed in the regular phpBB redirect() function, so it could come from there too.
In all cases, you should find a way to clean out your return url and make sure it is 1) valid, and 2) does not contain these forbidden terms. |
_________________
phpBB SEO || SEO Forum || Forum Référencement
GYM Sitemap & RSS for phpBB3 has been released ! || GYM Sitemap & RSS for phpBB3 est disponible ! |
|
| Back to top |
|
|
tweety
PR0
Joined: 24 Jan 2007
Posts: 94
|
| Posted: Thu Jul 19, 2007 1:47 am Post subject: Re: Attempt to redirect to a potentially insecure URL |
|
|
this return url is from paypal and must be part of clients site.
so if code can not be adapted, bad news because of course i can not access paypal return coding. it will now be big problem for me to think about. maybe i need to lose seo on some parts
do you have any hope of how i can change the code to accept such url as paypal do.
here is sample of course not real but similar of what will be each time slight change
| Code: | URL: URL: /thanks.php?mc_gross=50.00&address_status=unconfirmed&payer_id=42WGT61Jrt7QC&tax=0.00&address_street=abcstreet%0D%0anytown&payment_date=02%3472%3d03+Jul+10%2C+2007+PDT&payment_status=Completed&charset =windows-1252&address_zip=&first_name=jim&mc_fee=1.17&address_country_code=UK&address_name=jim+downs¬ify_version=2.4&custom=&payer_status=unverified&business=abc@testingnotreal.com&address_country= UK&address_city=anytown&quantity=1&payer_email=payer@theiremail.net&verify_sign=asaa-.rt3ws57fere7d7fd7f7d&txn_id=1441111&payment_type=instant&last_name=smith&address_state=essex&receiver_email=me@web site.com&payment_fee=&receiver_id=fdfdtadfdfdf&txn_type=web_accept&item_name=Donate+to+SITE+Thanks%21&mc_currency=GBP&item_number=8-1&residence_country=UK&receipt_id=243-33763-3483-12121222&payment_gr oss=&shipping=0.00&merchant_return_link=Return+to+MYSITE&fo!
rm_charset=UTF-8 |
|
|
|
| Back to top |
|
|
dcz
Administrateur - Site Admin
Joined: 28 Apr 2006
Posts: 14279
|
|
| Back to top |
|
|
tweety
PR0
Joined: 24 Jan 2007
Posts: 94
|
| Posted: Fri Jul 20, 2007 12:17 am Post subject: Re: Attempt to redirect to a potentially insecure URL |
|
|
no this link comes from paypal, it is a standard return to seller site link. that is offered after a payment has been made from a pay pal button on a website.
I have no control over that url. it comes from paypal.
thank you for trying to help, please ask more questions as you need me to answer for getting help on this. |
|
|
| Back to top |
|
|
dcz
Administrateur - Site Admin
Joined: 28 Apr 2006
Posts: 14279
|
|
| Back to top |
|
|
|
|
| Navigation |
Similar Topics |
|
|
|
|
|
|
|
| |
|
|
|
|
| |
|
|
|
|
| |
