diff options
| author | plegall <plg@piwigo.org> | 2010-04-29 10:44:30 +0000 |
|---|---|---|
| committer | plegall <plg@piwigo.org> | 2010-04-29 10:44:30 +0000 |
| commit | e7487082c32de87efd756bf05ae8539d38cda373 (patch) | |
| tree | 1f3c53b9fbb15fc576755f9af428b3a33178cf76 /identification.php | |
| parent | ba70c8f5cbd1f22c912a9b44363c246b6eb84dd7 (diff) | |
bug 1484: prevent XSS vulnerability, encode url.
improvement: no need to transmit the REQUEST_URI from PHP, Smarty already
knows it.
git-svn-id: http://piwigo.org/svn/trunk@5990 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'identification.php')
| -rw-r--r-- | identification.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/identification.php b/identification.php index cbfd40947..89bc9fe85 100644 --- a/identification.php +++ b/identification.php @@ -54,7 +54,7 @@ if (isset($_POST['login'])) } else { - $redirect_to = isset($_POST['redirect']) ? $_POST['redirect'] : ''; + $redirect_to = isset($_POST['redirect']) ? urldecode($_POST['redirect']) : ''; $remember_me = isset($_POST['remember_me']) and $_POST['remember_me']==1; if ( try_log_user($_POST['username'], $_POST['password'], $remember_me) ) { |