FIX Escape the redirect URL before outputting

Signed-off-by: Stephen Shkardoon <stephen@silverstripe.com>
Simon Welsh 2014-02-28 14:09:42 +13:00 committed by Stephen Shkardoon
parent 21f462a77b
commit ff9d40a60d


@ -213,7 +213,7 @@ class SS_HTTPResponse {
} }
if(in_array($this->statusCode, self::$redirect_codes) && headers_sent($file, $line)) { if(in_array($this->statusCode, self::$redirect_codes) && headers_sent($file, $line)) {
$url = $this->headers['Location']; $url = Convert::raw2htmlatt($this->headers['Location']);
echo echo
"<p>Redirecting to <a href=\"$url\" title=\"Click this link if your browser does not redirect you\">" "<p>Redirecting to <a href=\"$url\" title=\"Click this link if your browser does not redirect you\">"
. "$url... (output started on $file, line $line)</a></p> . "$url... (output started on $file, line $line)</a></p>