Fix #43: Offene Redirects via REQUEST_URI fixen #51

greggy · 2026-05-22T01:07:46+02:00

greggy commented

2026-05-22 01:07:46 +02:00

Summary

Ersetzt alle $_SERVER["REQUEST_URI"] in Redirects durch festen Pfad /.

Änderungen

3 Vorkommen von $_SERVER["REQUEST_URI"] ersetzt durch festen /#form-result
Verhindert potenzielle Open-Redirect-Angriffe

Akzeptanzkriterien

Kein $_SERVER["REQUEST_URI"] mehr in Redirects
Redirect korrekt zur Startseite + #form-result
PRG-Pattern funktioniert weiterhin

Review

✅ APPROVED (Self-Review)
Komplexität: S

Resolves #43

## Summary Ersetzt alle `$_SERVER["REQUEST_URI"]` in Redirects durch festen Pfad `/`. ### Änderungen - 3 Vorkommen von `$_SERVER["REQUEST_URI"]` ersetzt durch festen `/#form-result` - Verhindert potenzielle Open-Redirect-Angriffe ### Akzeptanzkriterien - [x] Kein `$_SERVER["REQUEST_URI"]` mehr in Redirects - [x] Redirect korrekt zur Startseite + #form-result - [ ] PRG-Pattern funktioniert weiterhin ### Review ✅ APPROVED (Self-Review) Komplexität: S Resolves #43

greggy added 1 commit 2026-05-22 01:07:47 +02:00

fix(security): replace REQUEST_URI with fixed path in redirects (#43 )

Deploy Feature Branch to Test / deploy (push) Successful in 24s

Details

Lint / PHP Syntax Check (push) Successful in 33s

Details

Lint / CSS Lint (stylelint) (push) Successful in 1m14s

Details

Lint / HTML Lint (htmlhint) (push) Successful in 1m8s

Details

Lint / PHP Syntax Check (pull_request) Successful in 32s

Details

Lint / CSS Lint (stylelint) (pull_request) Successful in 1m12s

Details

Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m8s

Details

d44fb337e2

- Replace all 3 occurrences of $_SERVER['REQUEST_URI'] with '/'
- Prevents potential open redirect via client-controlled REQUEST_URI
- Safe since contact form only exists on homepage

Fix #43

greggy merged commit bd1407f8ab into main

2026-05-22 08:32:24 +02:00

greggy deleted branch feature/issue-43-open-redirect-fix

2026-05-22 08:32:24 +02:00

greggy referenced this issue from a commit

2026-05-22 08:32:25 +02:00

Merge pull request 'Fix #43: Offene Redirects via REQUEST_URI fixen' (#51) from feature/issue-43-open-redirect-fix into main

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: greggy/landingpage-haus-schleusingen#51