verify redirect behind a proxy (#900)

Author: michield

public_html/lists/admin/js/phplistapp.js

@@ -304,15 +304,11 @@ $(document).ready(function () {
         }
     });
 
-
-
     $("a.savechanges").on("click",function () {
-        if (changed) {
-            document.sendmessageform.followupto.value = this.href;
-            document.location.hash = ""
-            document.sendmessageform.submit();
-            return false;
-        }
+        $('#followupto').val(this.href);
+        document.location.hash = ""
+        $('#sendmessageform').submit();
+        return false;
     });
 
     $("#criteriaSelect").on("change",function () {

public_html/lists/admin/lib.php

@@ -1150,7 +1150,7 @@ function fetchStyles($text) {
 function isValidRedirect($url)
 {
     //# we might want to add some more checks here
-    return strpos($url, hostName());
+    return stripos($url, hostName()) || stripos($url,getConfig('website'));
 }
 
 /* check the url_append config and expand the url with it

public_html/lists/admin/send_core.php

@@ -607,7 +607,7 @@
 
         // print $tabs->display();
     } 
-    echo '<input type="hidden" name="followupto" value="" />';
+    echo '<input id="followupto" type="hidden" name="followupto" value="" />';
 
     if ($_GET['page'] == 'preparemessage') {
         echo Help('preparemessage', $GLOBALS['I18N']->get('What is prepare a message'));