Fix redirect to external website. Bad sanitizing of backtopage parameter

htdocs/core/lib/functions.lib.php

@@ -613,7 +613,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
 	// Sanitizing for special parameters. There is no reason to allow the backtopage parameter to contains an external URL.
 	if ($paramname == 'backtopage') {
 		$out = str_replace('\\', '/', $out);
-		$out = preg_replace(array('/^:*\/\/+/', '/^[a-z]*:+/i'), '', $out);
+		$out = preg_replace(array('/^[a-z:]*\/\/+/i'), '', $out);
 	}
 
 	// Code for search criteria persistence.

test/phpunit/SecurityTest.php

@@ -423,6 +423,27 @@ class SecurityTest extends PHPUnit\Framework\TestCase
 		print __METHOD__." result=".$result."\n";
 		$this->assertEquals(trim($_POST["param12"]), $result, 'Test a string with DOCTYPE and restricthtml');
 
+		// Special test for GETPOST of backtopage parameter
+		$_POST["backtopage"]='//www.google.com';
+		$result=GETPOST("backtopage");
+		print __METHOD__." result=".$result."\n";
+		$this->assertEquals('www.google.com', $result, 'Test for backtopage param');
+
+		$_POST["backtopage"]='https:https://www.google.com';
+		$result=GETPOST("backtopage");
+		print __METHOD__." result=".$result."\n";
+		$this->assertEquals('www.google.com', $result, 'Test for backtopage param');
+
+		$_POST["backtopage"]='::HTTPS://www.google.com';
+		$result=GETPOST("backtopage");
+		print __METHOD__." result=".$result."\n";
+		$this->assertEquals('www.google.com', $result, 'Test for backtopage param');
+
+		$_POST["backtopage"]='/mydir/mypage.php?aa=a%10a';
+		$result=GETPOST("backtopage");
+		print __METHOD__." result=".$result."\n";
+		$this->assertEquals('/mydir/mypage.php?aa=a%10a', $result, 'Test for backtopage param');
+
 		return $result;
 	}