<?php
namespace Puchiko\request;
/**
 * Remove the bytes that could end or split a response header line.
 *
 * Every carriage return, line feed and NUL byte is deleted from the input;
 * all other bytes are returned unchanged. Nothing else about the URL
 * (scheme, host, path) is inspected or rewritten here.
 *
 * @param string $url The URL to sanitize
 * @return string The URL with CR, LF and NUL bytes removed
 */
function sanitizeHeaderInjection(string $url): string {
    // Map each forbidden byte to the empty string so strtr() deletes it.
    $forbiddenBytes = [
        "\r" => '',
        "\n" => '',
        "\0" => '',
    ];

    return strtr($url, $forbiddenBytes);
}
/**
 * Send the client to another location and stop the script.
 *
 * When $to is the literal string 'back', the destination is taken from the
 * Referer request header; if that header is absent or empty, a minimal HTML
 * page that calls history.back() is printed instead. Any other value of $to
 * is used as the destination directly.
 *
 * The destination only has CR, LF and NUL bytes stripped before it is placed
 * in the Location header. No scheme or host check is performed in this
 * function, so a caller passing a request-derived value (and the Referer
 * itself, which is client-supplied) decides where the browser ends up;
 * validate against an allow-list at the call site if that matters.
 *
 * This function never returns: every path ends in exit.
 *
 * @param string $to Target URL, or 'back' to return to the HTTP referer.
 */
function redirect(string $to) {
    $goBack = ($to === 'back');

    // Pick the destination once: the Referer for 'back', otherwise $to itself.
    $destination = $goBack ? ($_SERVER['HTTP_REFERER'] ?? '') : $to;

    if ($goBack && $destination === '') {
        // No referer available: let the browser step back through its own history.
        echo '<!DOCTYPE html><html><head><script>history.back()</script></head><body></body></html>';
        exit;
    }

    header("Location: " . sanitizeHeaderInjection($destination));
    exit;
}