Fixed  Prevent External Redirect (using styles)


Well-known member
The styles use an &redirect parameter to redirect, but you can allow redirecting to URLs (or URIs however pedantic you wish to be) that aren't part of the local domain.

Recommendation: Only allow redirection to area of local domain.


Also, when redirecting once to an external URL, it seems to automatically redirect you to that URL every time you change styles *more testing needed*


XenForo developer
Staff member
Fixed locally - it compares the domain part of the requested redirect before following it.