mirror of
https://github.com/silverstripe/silverstripe-iframe
synced 2024-10-22 11:05:51 +02:00
Compare commits
2 Commits
c23cd84be6
...
132d1257c9
Author | SHA1 | Date | |
---|---|---|---|
|
132d1257c9 | ||
|
31fa96ef66 |
@ -142,8 +142,8 @@ class IFramePage extends Page
|
|||||||
|
|
||||||
//whitelist allowed URL schemes
|
//whitelist allowed URL schemes
|
||||||
$allowed_schemes = array('http', 'https');
|
$allowed_schemes = array('http', 'https');
|
||||||
if ($matches = parse_url($this->IFrameURL)) {
|
if ($matches = parse_url($this->IFrameURL ?? '')) {
|
||||||
if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
|
if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes ?? [])) {
|
||||||
$result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
|
$result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -16,8 +16,8 @@ class IFramePageController extends PageController
|
|||||||
if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
|
if ($desiredProtocol && $currentProtocol !== $desiredProtocol) {
|
||||||
$enforcedLocation = preg_replace(
|
$enforcedLocation = preg_replace(
|
||||||
"#^${currentProtocol}#",
|
"#^${currentProtocol}#",
|
||||||
$desiredProtocol,
|
$desiredProtocol ?? '',
|
||||||
$this->AbsoluteLink()
|
$this->AbsoluteLink() ?? ''
|
||||||
);
|
);
|
||||||
return $this->redirect($enforcedLocation);
|
return $this->redirect($enforcedLocation);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user