• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Fixed  Prevent External Redirect (using styles)

James

Well-known member
#1
The styles use an &redirect parameter to redirect, but you can allow redirecting to URLs (or URIs however pedantic you wish to be) that aren't part of the local domain.

Recommendation: Only allow redirection to area of local domain.

Example:
http://xenforo.com/community/misc/style?style_id=3&redirect=http://www.google.com

Also, when redirecting once to an external URL, it seems to automatically redirect you to that URL every time you change styles *more testing needed*