4773: Added a check on the $_REQUEST'['p'] path inside bounce. If it's not a local...

author harris wong <hwong@ocad.ca>

Mon, 15 Aug 2011 15:13:45 +0000 (15:13 -0000)

committer harris wong <hwong@ocad.ca>

Mon, 15 Aug 2011 15:13:45 +0000 (15:13 -0000)
author harris wong <hwong@ocad.ca>
Mon, 15 Aug 2011 15:13:45 +0000 (15:13 -0000)
committer harris wong <hwong@ocad.ca>
Mon, 15 Aug 2011 15:13:45 +0000 (15:13 -0000)
diff --git a/docs/bounce.php b/docs/bounce.php

index 390cc37..041440c 100644 (file)
--- a/docs/bounce.php
+++ b/docs/bounce.php
@@ -151,6 +151,11 @@ if (!empty($_REQUEST['pu'])) {
         }
  } elseif (!empty($_REQUEST['p'])) {
         //For search
+    //p is a relative path, check that.  #4773
+    if (strpos('http') !== false) {
+        //if not relative, reset it.
+        $_REQUEST['p'] = "";
+    }
         $page = urldecode($_REQUEST['p']);
  } elseif (($_config['pretty_url'] > 0) && preg_match('/bounce.php\?course=([\d]+)$/', $_SERVER['REQUEST_URI'])==1) {
         //for browse, and my start page url rewrite.    
@@ -511,4 +516,4 @@ switch ($row['access']){
  } // end switch
   
  
-?>
-\ No newline at end of file
+?>
author	harris wong <hwong@ocad.ca>
	Mon, 15 Aug 2011 15:13:45 +0000 (15:13 -0000)
committer	harris wong <hwong@ocad.ca>
	Mon, 15 Aug 2011 15:13:45 +0000 (15:13 -0000)