From a11802e2d60fcf4160d01662c6e4a549cce7030a Mon Sep 17 00:00:00 2001
From: Daniel
Date: Tue, 14 Sep 2021 16:21:10 -0300
Subject: [PATCH] https://huntr.dev/bounties/49403dd8-edce-425f-9452-232cf455da2e/?token=ee8f6b35163ac013f06cd174938c6c5b58579f4e02ad711411923b893213879d23b5ebc1ee75fb97c24c50959b7713407a37a97d9f349959416e38c026c889f31233e66e3e8b9e0f6a240f8c1cb4c7fcc47ff3e93c143b55da5decb42b345e7c6ce1acd6c9f1b8d4a6a73d439cf795adabb3c73f3735f1
---
 objects/functions.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/objects/functions.php b/objects/functions.php
index 8723f56326b4..4c0116cf501a 100644
--- a/objects/functions.php
+++ b/objects/functions.php
@@ -4403,7 +4403,9 @@ function isHLS() {
 function getRedirectUri() {
 if (!empty($_GET['redirectUri'])) {
- return $_GET['redirectUri'];
+ if(isSameDomainAsMyAVideo($_GET['redirectUri'])){
+ return $_GET['redirectUri'];
+ }
 }
 if (!empty($_SERVER["HTTP_REFERER"])) {
 return $_SERVER["HTTP_REFERER"];
@@ -7232,7 +7234,7 @@ function listFolderFiles($dir){
 $dir = rtrim($dir,DIRECTORY_SEPARATOR);
 $file = $dir.DIRECTORY_SEPARATOR.$ff;
 if(is_dir($file)){
- listFolderFiles($file);
+ $files[] = listFolderFiles($file);
 }else{
 $files[] = $file;
 }
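Review bot: The `HTTP_REFERER` fallback just below the new check still returns a client-supplied value without passing it through `isSameDomainAsMyAVideo()`, so a request whose `redirectUri` is missing or rejected can still produce an off-site redirect target. Apply the same guard there, for example `if (!empty($_SERVER["HTTP_REFERER"]) && isSameDomainAsMyAVideo($_SERVER["HTTP_REFERER"])) {`. The helper is not visible in this patch, so confirm that it compares the parsed host exactly rather than by prefix or substring, and that it rejects scheme-relative and non-HTTP(S) values. getRedirectUri() continues past the end of the hunk, so any later fallback needs the same treatment.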
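Review bot: `$files[] = listFolderFiles($file);` appends the recursive result as a single element, so if the function returns its `$files` array (the return statement is outside this hunk) the output becomes a nested array mixed with path strings instead of a flat list. If callers expect a flat list of paths, merge the result instead: `$files = array_merge($files, listFolderFiles($file));`. This change is unrelated to the redirect validation in the same commit, and a short docblock stating the return shape would make the contract explicit for callers.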