Skip to content

Commit

Permalink
Merge pull request #168 from catalyst/fix-redirect-v3
Browse files Browse the repository at this point in the history
Fixed redirect url validation
  • Loading branch information
Peterburnett authored Mar 5, 2021
2 parents d67d149 + cdc77e2 commit 7022a82
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
2 changes: 1 addition & 1 deletion renderer.php
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,7 @@ public function render_envbar($match, $fixed = true, $envs = array()) {
if (!isset($config->stringseparator)) {
$config->stringseparator = '-'; // Set default.
}
if ($match->lastrefresh > 0) {
if (property_exists($match, 'lastrefresh') && $match->lastrefresh > 0) {
$show = format_time(time() - $match->lastrefresh);
$num = strtok($show, ' ');
$unit = strtok(' ');
Expand Down
4 changes: 4 additions & 0 deletions toggle_debugging.php
Original file line number Diff line number Diff line change
Expand Up @@ -38,5 +38,9 @@
envbarlib::set_debug_config($CFG->debug);
// Go back to current page.
$redirecturl = base64_decode(required_param('redirect', PARAM_RAW));
$redirecturl = clean_param($redirecturl, PARAM_URL);
if (strpos($redirecturl, '/') !== 0) {
print_error('Access denied.');
}
redirect($redirecturl);

0 comments on commit 7022a82

Please sign in to comment.