Skip to content
Snippets Groups Projects
Commit a171c441 authored by Jared Hancock's avatar Jared Hancock
Browse files

Regression: restore l.php Referrer cloaking

parent a359bf6a
No related branches found
No related tags found
No related merge requests found
......@@ -23,6 +23,14 @@ if (!($url=trim($_GET['url'])))
$check = (strpos($url, '//') === 0) ? 'http:' . $url : $url;
if (!Validator::is_url($check) || !$ost->validateLinkToken($_GET['auth']))
Http::response(403, 'URL link not authorized');
else
elseif (strpos($_SERVER['HTTP_ACCEPT'], 'text/html') === false)
Http::redirect($url);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<meta http-equiv="refresh" content="0;URL=<?php echo $url; ?>"/>
</head>
<body/>
</html>
......@@ -23,6 +23,14 @@ if (!($url=trim($_GET['url'])))
$check = (strpos($url, '//') === 0) ? 'http:' . $url : $url;
if (!Validator::is_url($check) || !$ost->validateLinkToken($_GET['auth']))
Http::response(403, 'URL link not authorized');
else
elseif (strpos($_SERVER['HTTP_ACCEPT'], 'text/html') === false)
Http::redirect($url);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<meta http-equiv="refresh" content="0;URL=<?php echo $url; ?>"/>
</head>
<body/>
</html>
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment