Timestamp:
Apr 29, 2010, 12:44:30 PM (14 years ago)
Author:
plg
Message:

bug 1484: prevent XSS vulnerability, encode url.

improvement: no need to transmit the REQUEST_URI from PHP, Smarty already
knows it.

File:
1 edited

  • trunk/identification.php

    r5196 r5990  
    5555  else
    5656  {
    57     $redirect_to = isset($_POST['redirect']) ? $_POST['redirect'] : '';
     57    $redirect_to = isset($_POST['redirect']) ? urldecode($_POST['redirect']) : '';
    5858    $remember_me = isset($_POST['remember_me']) and $_POST['remember_me']==1;
    5959    if ( try_log_user($_POST['username'], $_POST['password'], $remember_me) )
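Review bot: The new line 57 calls urldecode() on $_POST['redirect'], but PHP has already URL-decoded POST fields by the time they reach $_POST, so this is a second decode and nothing in the visible lines validates the result. A value the client sends double-encoded (for example %253C) survives the first decode as %3C and becomes a raw < here, and a literal + in the target turns into a space. If the template now URL-encodes the field, I would still treat the decoded $redirect_to as untrusted: check that it is a local, relative target before it is used for a redirect, and escape it wherever it is written back into HTML. Separately, on the unchanged line 58, `$remember_me = isset($_POST['remember_me']) and $_POST['remember_me']==1;` assigns only the isset() result because `and` binds more loosely than `=`; use `&&` or parenthesize the right-hand side.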