- $returl = $gpex_url.gpex_make_params($gpex_challenge,$privkey,$datafields);
- http_redirect($returl);
+ $returnurls = trim($returnurls);
+ // We check that the return url matches a per-key regexp to prevent
+ // replay attacks (more exactly to force replay attacks to redirect
+ // the user to the real GroupeX website, which defeats the attack).
+ if (empty($returnurls) || @preg_match($returnurls, $gpex_url)) {
+ $returl = $gpex_url . gpex_make_params($gpex_challenge, $privkey, $datafields, $charset);
+ http_redirect($returl);
+ } else if (S::admin()) {
+ $page->kill("La requête d'authentification a échouée (url de retour invalide).");
+ }
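Review bot: The new guard fails open on L7: when the key has no `$returnurls` regexp configured, the `empty()` branch skips the check entirely and redirects to whatever `$gpex_url` was supplied, so the replay/open-redirect protection the comment describes only exists for keys that opted in; if legacy keys must keep working, treat an unset pattern as a deliberate exception and log it, otherwise require a pattern (`if ($returnurls !== '' && @preg_match($returnurls, $gpex_url) === 1)`). The `else if (S::admin())` on L10 also means a non-admin request with a non-matching return URL neither redirects nor errors — execution just continues past this block, which is presumably not intended; a `} else { $page->kill("La requête d'authentification a échouée (url de retour invalide)."); }` for every caller, with the detailed reason reserved for admins, would be safer. Since `$returnurls` is used directly as a PCRE pattern, an unanchored pattern such as `/groupex\.example/` would also accept `https://evil.example/?u=groupex.example`, so the per-key patterns need `^`/`$` anchors (the `@` hides the warning for a malformed pattern, which then yields `false` and falls into the non-admin no-op path). The enclosing function starts and ends outside this hunk, so the origin of `$gpex_url` and `$returnurls` is not visible here.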