<?php
/**
 * A script to redirect to a given URL, used for example in IMP to hide any
 * referrer data being passed to the remote server and potentially exposing any
 * session IDs.
 *
 * If an "untrusted" parameter is set, it passes the content of the given URL
 * through to the browser if it doesn't belong to the local site. This can be
 * used to avoid calling local URLs for example by image src attributes.
 *
 * Copyright 2003-2006 Marko Djukic <marko@oblo.com>
 *
 * See the enclosed file COPYING for license information (LGPL). If you did not
 * receive this file, see http://www.fsf.org/copyleft/lgpl.html.
 *
 * $Horde: horde/util/go.php,v 1.2.2.4 2005/04/05 16:56:28 jan Exp $
 *
 * Some of the changes between 1.15 and 1.16 of horde/services/go.php
 * included (Debian security update sarge2).
 *
 * @author Marko Djukic <marko@oblo.com>
 * @version $Revision: 1.2.2.4 $
 */

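// Nothing to redirect to: stop before touching any other input.
if (empty($_GET['url'])) {
    exit;
}

// Normalise the raw parameter exactly once. get_magic_quotes_gpc() is
// deprecated in 7.4 and gone in PHP 8, so guard the call (the @ only hides
// the 7.4 deprecation notice, which would otherwise leak into the response).
// When magic quotes are on, the stripped value must be the one that is later
// echoed, fetched and sent in the Refresh header -- the original only
// stripped the copy handed to parse_url() and used the escaped value elsewhere.
$target = $_GET['url'];
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    $target = stripslashes($target);
}

// A CR or LF inside the URL would terminate the Refresh header emitted at the
// bottom of this script and let the caller append headers (or a body) on PHP
// builds that do not reject newlines in header() themselves. Refuse outright.
if (preg_match('/[\r\n]/', $target)) {
    exit;
}

// @ kept for old PHP releases that warn on malformed input instead of
// returning false; the result is checked either way.
$url = @parse_url($target);

if (empty($url) || empty($url['host'])) {
    exit;
}

// Do a little due diligence on the target URL. If it's on the same
// server that we're already on, display an intermediate page asking
// people if they're sure they want to click through.
//
// Host names are case-insensitive and HTTP_HOST may carry a ":port" suffix
// that parse_url() never puts into $url['host'], so compare case-insensitively
// against the bare host; a loose, case-sensitive == let "Example.com" or
// "example.com:80" skip this page.
$local_hosts = array();
if (!empty($_SERVER['SERVER_NAME'])) {
    $local_hosts[] = $_SERVER['SERVER_NAME'];
}
if (!empty($_SERVER['HTTP_HOST'])) {
    $local_hosts[] = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
}
$is_local = false;
foreach ($local_hosts as $local_host) {
    if (strcasecmp($local_host, $url['host']) === 0) {
        $is_local = true;
        break;
    }
}

if ($is_local) {
    // ENT_QUOTES so the value is safe in both the text node and the
    // double-quoted href attribute below, whichever quote style a later
    // edit of the markup uses.
    $shown_url = htmlspecialchars($target, ENT_QUOTES);
?>
<html>
<head>
<title>Potentially Dangerous URL</title>
</head>
<body>
 <h1>Potentially Dangerous URL</h1>

 <p>
  A referring site, an email you were reading, or some other
  untrusted source has attempted to send you to <?php echo
  $shown_url ?>. This may be an attempt to
  delete data or change settings without your knowledge. If
  you have any concerns about this URL, please contact your
  System Administrator. If you are confident that it is safe,
  you may follow the link by clicking below.
 </p>

 <p>
  <a href="<?php echo $shown_url ?>"><?php echo $shown_url ?></a>
 </p>

</body>
</html>
<?php
    exit;
}

// Pass through image content if requested.
if (!empty($_GET['untrusted'])) {
    // Decide from the parsed scheme rather than a case-sensitive prefix
    // match on the raw string, so "HTTP://..." is treated like "http://...".
    $allowed_protocols = array('http', 'https', 'ftp');
    if (!empty($url['scheme']) &&
        in_array(strtolower($url['scheme']), $allowed_protocols, true)) {
        // NOTE(review): the server fetches this URL itself and relays the
        // body with no Content-Type, so the browser sniffs whatever the
        // remote host returns, inside this site's origin, and any host the
        // server can reach can be requested through here. Restrict the
        // reachable hosts at the deployment level and send a fixed
        // Content-Type if this is only ever used for images.
        readfile($target);
    }
    exit;
}

// Otherwise we're issuing a refresh. $target was rejected above if it
// contained CR/LF, so it cannot terminate this header.
header('Refresh: 0; URL=' . $target);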