Tried to redirect to potentially insecure url

Discussions and support about the different URL Rewriting techniques for phpBB.

Moderator: Moderators

Tried to redirect to potentially insecure url

Postby HAMMER663 » Mon Oct 22, 2012 11:30 am

I come to this topic, scroll down and to the right of the Quick: topic lock \ unlock
Close the topic and here's the error pops up. The link takes the form
Code: Select all
/mcp.php?f=352&t=148141&start=135&quickmod=1&redirect=.%2Fviewtopic.php%3Ff%3D352%26t%3D148141%26amp%3Bstart%3D135&confirm_key=4M86Z6MV2K


php version 5.2.6.
Code: Select all
GENERAL ERROR
Tried to redirect to potentially insecure url.
BACKTRACE
FILE: (not given by php)
LINE: (not given by php)
CALL: msg_handler()

FILE: [ROOT]/includes/functions.php
LINE: 2584
CALL: trigger_error()

FILE: [ROOT]/includes/functions.php
LINE: 2744
CALL: redirect()

FILE: [ROOT]/includes/mcp/mcp_main.php
LINE: 277
CALL: meta_refresh()

FILE: [ROOT]/includes/mcp/mcp_main.php
LINE: 52
CALL: lock_unlock()

FILE: [ROOT]/includes/functions_module.php
LINE: 507
CALL: mcp_main->main()

FILE: [ROOT]/includes/functions_module.php
LINE: 802
CALL: p_master->load_active()

FILE: [ROOT]/mcp.php
LINE: 169
CALL: p_master->load()


FILE: [ROOT]/includes/functions.php
LINE: 2584
Code: Select all
   // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
   if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
   {
*      trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
   }


FILE: [ROOT]/includes/functions.php
LINE: 2744
Code: Select all
function meta_refresh($time, $url, $disable_cd_check = false)
{
   global $template;

*   $url = redirect($url, true, $disable_cd_check);
   $url = str_replace('&', '&amp;', $url);


FILE: [ROOT]/includes/mcp/mcp_main.php
LINE: 277
Code: Select all
   if (!$success_msg)
   {
      redirect($redirect);
   }
   else
   {
*      meta_refresh(2, $redirect);
      trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
   }


FILE: [ROOT]/includes/mcp/mcp_main.php
LINE: 52
Code: Select all
         case 'unlock':
            $topic_ids = (!$quickmod) ? request_var('topic_id_list', array(0)) : array(request_var('t', 0));

            if (!sizeof($topic_ids))
            {
               trigger_error('NO_TOPIC_SELECTED');
            }

*            lock_unlock($action, $topic_ids);
         break;


FILE: [ROOT]/includes/functions_module.php
LINE: 507
Code: Select all
         // Execute the main method for the new instance, we send the module id and mode as parameters
         // Users are able to call the main method after this function to be able to assign additional parameters manually
         if ($execute_module)
         {
*            $this->module->main($this->p_name, $this->p_mode);
         }


FILE: [ROOT]/includes/functions_module.php
LINE: 802
Code: Select all
   function load($class, $name, $mode = false)
   {
      $this->p_class = $class;
      $this->p_name = $name;

      // Set active module to true instead of using the id
      $this->active_module = true;

*      $this->load_active($mode);
   }



FILE: [ROOT]/mcp.php
LINE: 169
Code: Select all
      case 'delete_topic':
*         $module->load('mcp', 'main', 'quickmod');
         return;
      break;

Help me, please..
HAMMER663
 
Posts: 9
Joined: Fri Oct 22, 2010 4:45 pm

Advertisement

Return to phpBB mod Rewrite

 


  • Related topics
    Replies
    Views
    Last post

Who is online

Users browsing this forum: No registered users and 29 guests