Bug #21346 » bug_12324.patch
| t3lib/class.t3lib_div.php | ||
|---|---|---|
|
* empty string otherwise
|
||
|
*/
|
||
|
public static function sanitizeBackEndUrl($url = '') {
|
||
|
$whitelistPattern = '/^[a-zA-Z0-9_\/\.&=\?]+$/';
|
||
|
$whitelistPattern = '/^[a-zA-Z0-9_\/\.&=\?~-]+$/';
|
||
|
if (!preg_match($whitelistPattern, $url)) {
|
||
|
$url = '';
|
||
|
}
|
||