[Gforge-commits] gforge/www/account login.php,1.10,1.11
From: tperdue
Subject: [Gforge-commits] gforge/www/account login.php,1.10,1.11
Date: Mon, 12 Apr 2004 12:49:20 -0500
Update of /cvsroot/gforge/gforge/www/account
In directory db.perdue.net:/home/tperdue/share/www.gforge.org/www/account
Modified Files:
login.php
Log Message:
minor security irritation in return_to variable
Index: login.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/account/login.php,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- login.php 18 Feb 2004 09:18:25 -0000 1.10
+++ login.php 12 Apr 2004 17:49:18 -0000 1.11
@@ -19,9 +19,19 @@
require_once('pre.php');
+//
+// Validate return_to
+//
+if ($return_to) {
+ $tmpreturn=explode('?',$return_to);
+ if (!is_file($sys_urlroot.$tmpreturn[0]) &&
!is_dir($sys_urlroot.$tmpreturn[0])) {
+ $return_to='';
+ }
+}
+
if ($sys_use_ssl && !session_issecure()) {
//force use of SSL for login
- header('Location: https://'.$HTTP_HOST.'/account/login.php');
+ header('Location: https://'.$HTTP_HOST.$REQUEST_URI);
}
// Decide login button based on session.
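Review bot: the new return_to check at `is_file($sys_urlroot.$tmpreturn[0])` tests the raw, uncanonicalized string, so a value containing `..` segments passes whenever it resolves to any existing file or directory, including ones outside $sys_urlroot. Consider resolving the path with realpath() and requiring the result to begin with $sys_urlroot before keeping return_to. In the SSL branch, the Location header is now built from $HTTP_HOST and $REQUEST_URI, both of which are request-derived, and header() is not followed by an exit, so the rest of login.php still runs on the non-SSL request; adding an exit after the redirect and building the URL from a configured host name would tighten this.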