View Revisions: Issue #530

Summary 0000530: ensure_tls() sends relative URL in endless loop
Revision 2019-10-12 12:27 by administrator
Additional Information
Revision 2019-10-11 14:21 by administrator
Additional Information PATCH:
diff --git a/wacko/class/http.php b/wacko/class/http.php
--- a/wacko/class/http.php
+++ b/wacko/class/http.php
@@ -57,6 +57,12 @@
 {
     if ($this->db->tls && !$this->tls_session)
     {
+ // relative addressing
+ if (!preg_match('/^(http|https):\/\/([^\\s\"<>]+)$/', $url))
+ {
+ $url = 'http://' . $_SERVER['SERVER_NAME'] . $url;
+ }
+
         $this->redirect(str_replace('http://', 'https://', $url));
         }
     }