diff options
Diffstat (limited to 'Zotlabs/Module/Settings/Editor.php')
| -rw-r--r-- | Zotlabs/Module/Settings/Editor.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/Zotlabs/Module/Settings/Editor.php b/Zotlabs/Module/Settings/Editor.php index cf6dd2807..85c3e69ae 100644 --- a/Zotlabs/Module/Settings/Editor.php +++ b/Zotlabs/Module/Settings/Editor.php @@ -11,14 +11,14 @@ class Editor { $module = substr(strrchr(strtolower(static::class), '\\'), 1); check_form_security_token_redirectOnErr('/settings/' . $module, 'settings_' . $module); - + $features = get_module_features($module); process_module_features_post(local_channel(), $features, $_POST); - + Libsync::build_sync_packet(); - if($_POST['rpath']) + if(isset($_POST['rpath']) && is_local_url($_POST['rpath'])) goaway($_POST['rpath']); return; @@ -34,14 +34,14 @@ class Editor { $tpl = get_markup_template("settings_module.tpl"); $o .= replace_macros($tpl, array( - '$rpath' => $rpath, + '$rpath' => escape_url($rpath), '$action_url' => 'settings/' . $module, '$form_security_token' => get_form_security_token('settings_' . $module), '$title' => t('Editor Settings'), '$features' => process_module_features_get(local_channel(), $features), '$submit' => t('Submit') )); - + return $o; } |