
   1  <?php
   2  /**
   3   * A script to redirect to a given URL, used for example in IMP to hide any
   4   * referrer data being passed to the remote server and potentially exposing
   5   * any session IDs.
   6   *
   7   * Copyright 2003-2006 Marko Djukic <marko@oblo.com>
   8   *
   9   * See the enclosed file COPYING for license information (LGPL). If you did
  10   * not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
  11   *
  12   * $Horde: horde/services/go.php,v 1.6.2.16 2006/06/22 02:43:24 chuck Exp $
  13   *
  14   * @author Marko Djukic <marko@oblo.com>
  15   */
  16  
  17  if (empty($_GET['url'])) {
  18      exit;
  19  }
  20  
  21  $url = trim($_GET['url']);
  22  if (preg_match('/;\s*url\s*=/i', $url)) {
  23      /* IE will process the last ;URL= string, not the first, allowing
  24       * protocols that shouldn't be let through. */
  25      exit;
  26  }
  27  
  28  if (get_magic_quotes_gpc()) {
  29      $parsed_url = @parse_url(stripslashes($url));
  30  } else {
  31      $parsed_url = @parse_url($url);
  32  }
  33  
  34  if (empty($parsed_url) || empty($parsed_url['host'])) {
  35      exit;
  36  }
  37  if (empty($parsed_url['path'])) {
  38      $parsed_url['path'] = false;
  39  }
  40  
  41  // Do a little due diligence on the target URL. If it's on the same server
  42  // that we're already on, display an intermediate page asking people if
  43  // they're sure they want to click through.
  44  if (substr(php_sapi_name(), 0, 3) == 'cgi') {
  45      // When using CGI PHP, SCRIPT_NAME may contain the path to the PHP binary
  46      // instead of the script being run; use PHP_SELF instead.
  47      $myurl = $_SERVER['PHP_SELF'];
  48  } else {
  49      $myurl = isset($_SERVER['SCRIPT_NAME']) ?
  50          $_SERVER['SCRIPT_NAME'] :
  51          $_SERVER['PHP_SELF'];
  52  }
  53  // 16 is the length of "/services/go.php".
  54  $webroot = substr($myurl, 0, -16);
  55  
  56  // Build a list of hosts considered dangerous (local hosts, the user's
  57  // host, etc).
  58  $dangerous_hosts = array('localhost', 'localhost.localdomain', '127.0.0.1');
  59  if (!empty($_SERVER['SERVER_NAME'])) {
  60      $dangerous_hosts[] = $_SERVER['SERVER_NAME'];
  61  }
  62  if (!empty($_SERVER['HTTP_HOST'])) {
  63      $dangerous_hosts[] = $_SERVER['HTTP_HOST'];
  64  }
  65  
  66  // List of allowed services.
  67  $allowed_uris = array();
  68  
  69  // Check against our lists.
  70  if ((empty($webroot) || strpos($parsed_url['path'], $webroot) === 0) &&
  71      !empty($parsed_url['query']) &&
  72      !in_array($parsed_url['path'], $allowed_uris) &&
  73      in_array($parsed_url['host'], $dangerous_hosts)) {
  74  ?>
  75  <html>
  76  <head>
  77  <title>Potentially Dangerous URL</title>
  78  </head>
  79  <body>
  80   <h1>Potentially Dangerous URL</h1>
  81  
  82   <p>
  83    A referring site, an email you were reading, or some other
  84    potentially untrusted source has attempted to send you to <?php echo
  85    htmlspecialchars($url) ?>. This may be an attempt to
  86    delete data or change settings without your knowledge. If
  87    you have any concerns about this URL, please contact your
  88    System Administrator. If you are confident that it is safe,
  89    you may follow the link by clicking below.
  90   </p>
  91  
  92   <p>
  93    <a href="<?php echo htmlspecialchars($url) ?>"><?php echo htmlspecialchars($url) ?></a>
  94   </p>
  95  
  96  </body>
  97  </html>
  98  <?php
  99      exit;
 100  }
 101  
 102  header('Refresh: 0; URL=' . $url);


Généré le : Sun Feb 25 18:01:28 2007 par Balluche grâce à PHPXref 0.7