From 16706fbd5ee43c93c5a641e6e99e85260e1239a2 Mon Sep 17 00:00:00 2001
From: vargenau
Date: Mon, 30 Aug 2010 10:41:28 +0000
Subject: [PATCH] Allow encoded spaces in URL for RedirectTo plugin

git-svn-id: svn://svn.code.sf.net/p/phpwiki/code/trunk@7653 96ab9672-09ca-45d6-a79d-3d69d39ca109
---
 lib/plugin/RedirectTo.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/lib/plugin/RedirectTo.php b/lib/plugin/RedirectTo.php
index 65e4b8aec..242b74fe5 100644
--- a/lib/plugin/RedirectTo.php
+++ b/lib/plugin/RedirectTo.php
@@ -59,14 +59,14 @@ extends WikiPlugin
 $href = $args['href'];
 $page = $args['page'];
 if ($href) {
- /*
- * Use quotes on the href argument value, like:
- * <
- *
- * Do we want some checking on href to avoid malicious
- * uses of the plugin? Like stripping tags or hexcode.
- */
- $url = preg_replace('/%\d\d/','',strip_tags($href));
+ // If URL is urlencoded, decode it.
+ if (strpos('%', $href) !== false) {
+ $href = urldecode($href);
+ }
+ $url = strip_tags($href);
+ if ($url != $href) { // URL contains tags
+ return $this->disabled(_("Illegal characters in external URL."));
+ }
 $thispage = $request->getPage();
 if (! $thispage->get('locked')) {
 return $this->disabled(_("Redirect to an external URL is only allowed in locked pages."));
-- 
2.45.0
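Review bot: The arguments to strpos() on the added `if (strpos('%', $href) !== false) {` line are reversed (PHP takes the haystack first, then the needle), so the call searches for the whole href inside the one-character string '%' and the urldecode() branch is effectively never taken; it should read `if (strpos($href, '%') !== false) {`. As written, percent-encoded sequences are neither decoded nor stripped, because the old `preg_replace('/%\d\d/', ...)` is gone, so encoded markup is no longer caught by the strip_tags() comparison. Once the decode does run, strip_tags() still only detects tags, so the decoded value should also be rejected when it contains control characters (CR/LF in particular) and, if only web links are intended, checked against an allowed scheme list before use. The redirect itself and the rest of the method lie outside this hunk, so how `$url` is finally emitted cannot be confirmed from here. The new comparison would also be stricter as `if ($url !== $href) {`.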