From ff9d40a60d85281d77558c93bece2e9b461bfea4 Mon Sep 17 00:00:00 2001
From: Simon Welsh
Date: Fri, 28 Feb 2014 14:09:42 +1300
Subject: [PATCH 1/2] FIX Escape the redirect URL before outputting
Signed-off-by: Stephen Shkardoon
---
 control/HTTPResponse.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/control/HTTPResponse.php b/control/HTTPResponse.php
index e7482bb09..6489740d2 100644
--- a/control/HTTPResponse.php
+++ b/control/HTTPResponse.php
@@ -213,7 +213,7 @@ class SS_HTTPResponse {
 }
 if(in_array($this->statusCode, self::$redirect_codes) && headers_sent($file, $line)) {
- $url = $this->headers['Location'];
+ $url = Convert::raw2htmlatt($this->headers['Location']);
 echo "

Redirecting to " . "$url... (output started on $file, line $line)
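Review bot: The added `Convert::raw2htmlatt()` call encodes the Location value for HTML but does not restrict its scheme, so a `javascript:` or `data:` value would still be printed as the link target in this headers-already-sent fallback; the same applies to the `$url` assignment in PATCH 2/2. If Location can carry request-derived input, validate the raw value before encoding it, for example `if(!preg_match('#^(https?://|/(?!/))#i', $url)) $url = Director::baseURL();`, loosening the pattern only if bare relative paths are expected here. The markup of the echoed string is only partly visible in this view and the enclosing method starts and ends outside the hunk, so where the value is interpolated is inferred.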

From f8e3bbe3ae3f29f22d85abb73cea033659511168 Mon Sep 17 00:00:00 2001
From: Damian Mooyman
Date: Thu, 27 Mar 2014 11:00:50 +1300
Subject: [PATCH 2/2] BUG Fix encoding of JS redirection script
---
 control/HTTPResponse.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/control/HTTPResponse.php b/control/HTTPResponse.php
index 6489740d2..6d0ee52b5 100644
--- a/control/HTTPResponse.php
+++ b/control/HTTPResponse.php
@@ -213,12 +213,14 @@ class SS_HTTPResponse {
 }
 if(in_array($this->statusCode, self::$redirect_codes) && headers_sent($file, $line)) {
- $url = Convert::raw2htmlatt($this->headers['Location']);
+ $url = (string)$this->headers['Location'];
+ $urlATT = Convert::raw2htmlatt($url);
+ $urlJS = Convert::raw2js($url);
 echo
- "

Redirecting to " - . "$url... (output started on $file, line $line)

- - "; + "

Redirecting to " + . "$urlATT... (output started on $file, line $line)

+ + "; } else { $line = $file = null; if(!headers_sent($file, $line)) {
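Review bot: `$urlJS = Convert::raw2js($url);` escapes the value for a JavaScript string literal, but text inside an inline script element is read by the HTML parser first, so a `</script>` sequence in the Location value would close the element no matter how the quotes are escaped. Confirm that `raw2js` also neutralises `</`, or make it explicit with `$urlJS = str_replace('</', '<\/', Convert::raw2js($url));`, which leaves the resulting string value unchanged. A short comment above the three assignments naming the output context of each variable (raw, HTML attribute/text, JS string) would keep later edits from mixing them up. The script markup is not visible in this view, so the placement of `$urlJS` is inferred from the patch subject, and the enclosing method starts and ends outside the hunk.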