From 63bc3aa48a2cfd7554362cd80fbdd43e38b3a21d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 19 Sep 2020 00:05:29 +0200 Subject: [PATCH] Better sanitizing --- htdocs/core/lib/functions.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 20e3dbc2646..5eb9d142c0c 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -608,7 +608,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null // Sanitizing for special var name. There is no reason to allow a backtopage to an external URL. if ($paramname == 'backtopage') { - $out = preg_replace(array('/\/\//', '/^[a-z]*:/'), '', $out); + $out = preg_replace(array('/\/\/+/', '/^[a-z]*:/'), '', $out); } // Code for search criteria persistence.