[Gforge-commits] gforge/www/account login.php,1.10,1.11


From: tperdue
Subject: [Gforge-commits] gforge/www/account login.php,1.10,1.11
Date: Mon, 12 Apr 2004 12:49:20 -0500

Update of /cvsroot/gforge/gforge/www/account
In directory db.perdue.net:/home/tperdue/share/www.gforge.org/www/account

Modified Files:
        login.php 
Log Message:
minor security irritation in return_to variable

Index: login.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/account/login.php,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- login.php   18 Feb 2004 09:18:25 -0000      1.10
+++ login.php   12 Apr 2004 17:49:18 -0000      1.11
@@ -19,9 +19,19 @@
 
 require_once('pre.php');
 
+//
+//     Validate return_to
+//
+if ($return_to) {
+       $tmpreturn=explode('?',$return_to);
+       if (!is_file($sys_urlroot.$tmpreturn[0]) && 
!is_dir($sys_urlroot.$tmpreturn[0])) {
+               $return_to='';
+       }
+}
+
 if ($sys_use_ssl && !session_issecure()) {
        //force use of SSL for login
-       header('Location: https://'.$HTTP_HOST.'/account/login.php');
+       header('Location: https://'.$HTTP_HOST.$REQUEST_URI);
 }
 
 // Decide login button based on session.
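
Review bot: the new return_to check at the top of the hunk only tests that $sys_urlroot.$tmpreturn[0] exists via is_file()/is_dir() and never normalizes the path, so it does not establish that the target stays under the web root. Consider passing the joined path through realpath(), confirming the result still begins with $sys_urlroot, and requiring return_to to start with a single '/'. In the SSL redirect, header('Location: https://'.$HTTP_HOST.$REQUEST_URI) is not followed by exit, so the rest of login.php keeps running on the non-SSL request. Both $HTTP_HOST and $REQUEST_URI appear to be taken from the request, so building the target from a configured host name and adding exit after the header call would be safer.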




