From e7487082c32de87efd756bf05ae8539d38cda373 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Thu, 29 Apr 2010 10:44:30 +0000
Subject: bug 1484: prevent XSS vulnerability, encode url.

improvement: no need to transmit the REQUEST_URI from PHP, Smarty already
knows it.

git-svn-id: http://piwigo.org/svn/trunk@5990 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 identification.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'identification.php')

diff --git a/identification.php b/identification.php
index cbfd40947..89bc9fe85 100644
--- a/identification.php
+++ b/identification.php
@@ -54,7 +54,7 @@ if (isset($_POST['login']))
   }
   else
   { 
-    $redirect_to = isset($_POST['redirect']) ? $_POST['redirect'] : '';
+    $redirect_to = isset($_POST['redirect']) ? urldecode($_POST['redirect']) : '';
     $remember_me = isset($_POST['remember_me']) and $_POST['remember_me']==1;
     if ( try_log_user($_POST['username'], $_POST['password'], $remember_me) )
     {
-- 
cgit v1.2.3