route : the redirect can be done outside the site, with a warning

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2161 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2015-05-07 14:40:25 +00:00
parent ef63f5f835
commit 6fbea5dc56
1 changed files with 1 additions and 1 deletions
--- a/route.php
+++ b/route.php
@@ -190,7 +190,7 @@ class route
    // Allow to redirect from POST to GET, but not GET to GET (can loop)
    if ($destURL === $requestURL && $_SERVER["REQUEST_METHOD"] === "GET")
      throw new Exception ("Redirect to myself", 508);
-    if (substr_count ("../", $baseURL) > 1+ substr_count ("/", $destURL))
+    if (substr_count ($baseURL, "../") > 1+ substr_count ($destURL,"/"))
      throw new Exception ("Can't redirect outside this site (Base $baseURL)",
                           405);