diff options
author | Mario Vavti <mario@mariovavti.com> | 2022-03-29 11:42:53 +0200 |
---|---|---|
committer | Mario Vavti <mario@mariovavti.com> | 2022-03-29 11:42:53 +0200 |
commit | 0784cd593a39a4fc297e8a82f7e79bc8019a0868 (patch) | |
tree | 22182afb37cf460f8208fff9d276a0672add3185 /Zotlabs/Module/Settings/Profiles.php | |
parent | 0e2e9321025f87fe9587f3d183adaea6185e4e20 (diff) | |
parent | 9c5d2ee5630dd7033904039dcd1e92db8821b644 (diff) | |
download | volse-hubzilla-7.2.tar.gz volse-hubzilla-7.2.tar.bz2 volse-hubzilla-7.2.zip |
Merge branch '7.2RC'7.2
Diffstat (limited to 'Zotlabs/Module/Settings/Profiles.php')
-rw-r--r-- | Zotlabs/Module/Settings/Profiles.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Zotlabs/Module/Settings/Profiles.php b/Zotlabs/Module/Settings/Profiles.php index a1a1b8d96..0ff2dfb6d 100644 --- a/Zotlabs/Module/Settings/Profiles.php +++ b/Zotlabs/Module/Settings/Profiles.php @@ -23,7 +23,7 @@ class Profiles { Libsync::build_sync_packet(); - if($_POST['rpath']) + if(isset($_POST['rpath']) && is_local_url($_POST['rpath'])) goaway($_POST['rpath']); return; @@ -43,7 +43,7 @@ class Profiles { $tpl = get_markup_template("settings_module.tpl"); $o .= replace_macros($tpl, array( - '$rpath' => $rpath, + '$rpath' => escape_url($rpath), '$action_url' => 'settings/' . $module, '$form_security_token' => get_form_security_token('settings_' . $module), '$title' => t('Profiles Settings'), |