From 6fa433c7a8441a6a13a2c39be3510c452de4e1c2 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Wed, 31 Oct 2012 12:51:58 -0400
Subject: [PATCH] Validate url before attempting a redirect - Fixes possible
 XSS bug

---
 l.php     | 6 ++----
 scp/l.php | 6 ++----
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/l.php b/l.php
index 657952e26..5e605c73c 100644
--- a/l.php
+++ b/l.php
@@ -14,10 +14,8 @@
     vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
 require 'secure.inc.php';
-
-global $_GET;
-$url = $_GET['url'];
-if (!$url) exit();
+$url = trim($_GET['url']);
+if (!$url || !Validator::is_url($url)) exit('Invalid url');
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
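Review bot: The new check on the `Validator::is_url($url)` line gates the value but does not escape it, and the place where `$url` is later written into the HTML is below this hunk and not visible here; unless `is_url` is known to reject `"`, `'`, `<` and `>`, the redirect target should also be escaped where it is echoed, e.g. `<?php echo htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); ?>`, so the XSS fix does not depend on the exact pattern inside the validator. Input validation and output escaping are independent controls; relying only on the former turns any later loosening of `is_url` into a regression. Note also that the page still redirects to any syntactically valid URL, so it remains an open redirector; if that is not intended, a host allow-list is the stronger check. `Validator::is_url` is defined outside this patch, so its strictness cannot be confirmed from the hunk.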
diff --git a/scp/l.php b/scp/l.php
index 2c66c2835..93fff3a24 100644
--- a/scp/l.php
+++ b/scp/l.php
@@ -14,10 +14,8 @@
     vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
 require_once 'staff.inc.php';
-
-global $_GET;
-$url = $_GET['url'];
-if (!$url) exit();
+$url = trim($_GET['url']);
+if (!$url || !Validator::is_url($url)) exit('Invalid url');
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
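Review bot: `trim($_GET['url'])` on the first added line dereferences the parameter before checking that it exists, so a request to scp/l.php with no `url` raises an undefined-index notice before the `!$url` guard runs; read it as `$url = isset($_GET['url']) ? trim($_GET['url']) : '';` so the following check handles the missing case quietly. The same two lines are duplicated verbatim in l.php, so this and any future tightening of the check should be applied to both files, or the validation moved into one shared helper. Whether the staff-side page should accept arbitrary external hosts cannot be decided from the hunk, since `Validator::is_url` is defined elsewhere.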
-- 
GitLab