https://huntr.dev/bounties/49403dd8-edce-425f-9452-232cf455da2e/?toke…

…n=ee8f6b35163ac013f06cd174938c6c5b58579f4e02ad711411923b893213879d23b5ebc1ee75fb97c24c50959b7713407a37a97d9f349959416e38c026c889f31233e66e3e8b9e0f6a240f8c1cb4c7fcc47ff3e93c143b55da5decb42b345e7c6ce1acd6c9f1b8d4a6a73d439cf795adabb3c73f3735f1
WWBN · Sep 14, 2021 · a11802e · a11802e
1 parent 9ad6c41
commit a11802e
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/objects/functions.php b/objects/functions.php
@@ -4403,7 +4403,9 @@ function isHLS() {
 
 function getRedirectUri() {
     if (!empty($_GET['redirectUri'])) {
-        return $_GET['redirectUri'];
+        if(isSameDomainAsMyAVideo($_GET['redirectUri'])){
+            return $_GET['redirectUri'];
+        }
     }
     if (!empty($_SERVER["HTTP_REFERER"])) {
         return $_SERVER["HTTP_REFERER"];
@@ -7232,7 +7234,7 @@ function listFolderFiles($dir){
             $dir = rtrim($dir,DIRECTORY_SEPARATOR);
             $file = $dir.DIRECTORY_SEPARATOR.$ff;
             if(is_dir($file)){
-                listFolderFiles($file);
+                $files[] = listFolderFiles($file);
             }else{
                 $files[] = $file;
             }