Revision 1596
Added by Dietmar almost 13 years ago
branches/2.8.x/CHANGELOG | ||
---|---|---|
11 | 11 |
! = Update/Change |
12 | 12 |
|
13 | 13 |
=========================== add small Features 2.8.2 ========================== |
14 |
04 Feb-2012 Build 1596 Dietmar Woellbrink (Luisehahne) |
|
15 |
# highly critical security-fix |
|
16 |
# announced on http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt |
|
14 | 17 |
04 Feb-2012 Build 1595 Dietmar Woellbrink (Luisehahne) |
15 | 18 |
# fix form language vars for better understanding (Tks to Maverik) |
16 | 19 |
! change request if HTTP_REFERER is not empty in logout.php |
branches/2.8.x/wb/admin/interface/version.php | ||
---|---|---|
51 | 51 |
|
52 | 52 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
53 | 53 |
if(!defined('VERSION')) define('VERSION', '2.8.2'); |
54 |
if(!defined('REVISION')) define('REVISION', '1595');
|
|
54 |
if(!defined('REVISION')) define('REVISION', '1596');
|
|
55 | 55 |
if(!defined('SP')) define('SP', 'SP2'); |
branches/2.8.x/wb/account/logout.php | ||
---|---|---|
22 | 22 |
setcookie('REMEMBER_KEY', '', time()-3600, '/'); |
23 | 23 |
} |
24 | 24 |
|
25 |
$redirect = ((isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : WB_URL.'/index.php');
|
|
25 |
$redirect = ((isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') ? $_SERVER['HTTP_REFERER'] : WB_URL.'/index.php');
|
|
26 | 26 |
|
27 | 27 |
$_SESSION['USER_ID'] = null; |
28 | 28 |
$_SESSION['GROUP_ID'] = null; |
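Review bot: The redirect target on new line 25 is still the raw `HTTP_REFERER` header value; the only thing this line changes is `!empty()` → `!= ''`, which differ just for the string `'0'`, so any protection against redirecting to a foreign host has to come from the rewrite of `$_SERVER['HTTP_REFERER']` in framework/initialize.php in this same revision, and logout.php is only covered if that file has run before this line (not visible here). A local check would make the file self-contained, e.g. `$redirect = (isset($_SERVER['HTTP_REFERER']) && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === parse_url(WB_URL, PHP_URL_HOST)) ? $_SERVER['HTTP_REFERER'] : WB_URL.'/index.php';`. The same applies to new line 86 in templates/allcss/index.php and new line 124 in templates/round/index.php, where `$redirect_url` is likewise taken verbatim from the header; wherever it is later echoed into the login form it should pass through `htmlspecialchars()`. The code that consumes `$redirect` is outside this hunk.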
branches/2.8.x/wb/framework/initialize.php | ||
---|---|---|
24 | 24 |
//set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH); |
25 | 25 |
|
26 | 26 |
if (file_exists(WB_PATH.'/framework/class.database.php')) { |
27 |
|
|
27 |
$sTmpReferer = ''; |
|
28 |
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') { |
|
29 |
$tmp0 = parse_url($_SERVER['HTTP_REFERER']); |
|
30 |
if ($tmp0 !== false) { |
|
31 |
$tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : ''; |
|
32 |
$tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : ''; |
|
33 |
$tmp1 = parse_url(WB_URL); |
|
34 |
if ($tmp1 !== false) { |
|
35 |
$tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : ''; |
|
36 |
$tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : ''; |
|
37 |
if (strpos($tmp0['host'].'/'.$tmp0['path'], $tmp1['host'].'/'.$tmp1['path'])) { |
|
38 |
$sTmpReferer = WB_URL.$tmp['path'].$tmp[fragment]; |
|
39 |
} |
|
40 |
} |
|
41 |
} |
|
42 |
} |
|
43 |
$_SERVER['HTTP_REFERER'] = $sTmpReferer; |
|
28 | 44 |
date_default_timezone_set('UTC'); |
29 | 45 |
require_once(WB_PATH.'/framework/class.database.php'); |
30 | 46 |
|
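Review bot: The referer check on new line 37 uses the return value of `strpos()` as a boolean, so a match at offset 0 — the normal case when the referer's host/path begins with the site's host/path — evaluates to false and the legitimate referer is discarded, while a match at any later offset (a foreign host whose path merely contains the site's host/path string) passes. New line 38 then reads `$tmp['path']` and `$tmp[fragment]`, but no `$tmp` is assigned anywhere in the hunk (the parsed referer is `$tmp0`) and `fragment` is an unquoted bareword, so as written the branch always yields `WB_URL` plus notices rather than the intended same-site URL, and appending `$tmp0['path']` to `WB_URL` would in any case duplicate the base path when WB_URL itself carries one. I would compare the hosts exactly, require the referer path to start with the site's base path, and then rebuild the value from the parsed parts so that userinfo and anything not checked is dropped, as below (the `'http'` fallback assumes WB_URL is a full URL — please confirm). Blanking `$_SERVER['HTTP_REFERER']` when the check fails on new line 43 is the right default and is kept. The enclosing `if (file_exists(...))` block closes outside the hunk.
```php
if (file_exists(WB_PATH.'/framework/class.database.php')) {
    $sTmpReferer = '';
    if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
        $tmp0 = parse_url($_SERVER['HTTP_REFERER']);
        $tmp1 = parse_url(WB_URL);
        if ($tmp0 !== false && $tmp1 !== false) {
            $tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : '';
            $tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : '';
            $tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : '';
            $tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : '';
            // accept only the site's own host, and only paths below its base path
            if ($tmp0['host'] !== '' && strcasecmp($tmp0['host'], $tmp1['host']) === 0
                && strpos($tmp0['path'], $tmp1['path']) === 0) {
                // rebuild from the parsed parts so only host-checked data is kept
                $sTmpReferer = (isset($tmp1['scheme']) ? $tmp1['scheme'] : 'http').'://'.$tmp0['host']
                    .(isset($tmp0['port']) ? ':'.$tmp0['port'] : '')
                    .$tmp0['path']
                    .(isset($tmp0['query']) ? '?'.$tmp0['query'] : '')
                    .(isset($tmp0['fragment']) ? '#'.$tmp0['fragment'] : '');
            }
        }
    }
    $_SERVER['HTTP_REFERER'] = $sTmpReferer;
    // … unchanged: date_default_timezone_set, require_once class.database.php …
```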
branches/2.8.x/wb/templates/allcss/index.php | ||
---|---|---|
83 | 83 |
show_menu2(0,SM2_ROOT,SM2_CURR+1,SM2_TRIM,'<li><span class="menu-default">[ac][menu_title]</a></span>','</li>','<ul>','</ul>'); |
84 | 84 |
// CODE FOR WEBSITE BAKER FRONTEND LOGIN |
85 | 85 |
if (FRONTEND_LOGIN == 'enabled' && VISIBILITY != 'private' && $wb->get_session('USER_ID') == '') { |
86 |
$redirect_url = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : WB_URL );
|
|
86 |
$redirect_url = ((isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') ? $_SERVER['HTTP_REFERER'] : WB_URL );
|
|
87 | 87 |
$redirect_url = (isset($thisApp->redirect_url) ? $thisApp->redirect_url : $redirect_url );?> |
88 | 88 |
<!-- login form --> |
89 | 89 |
<br /> |
branches/2.8.x/wb/templates/round/index.php | ||
---|---|---|
121 | 121 |
|
122 | 122 |
<?php |
123 | 123 |
if(FRONTEND_LOGIN AND !$wb->is_authenticated() AND VISIBILITY != 'private' ) { |
124 |
$redirect_url = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : WB_URL );
|
|
124 |
$redirect_url = ((isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') ? $_SERVER['HTTP_REFERER'] : WB_URL );
|
|
125 | 125 |
$redirect_url = (isset($thisApp->redirect_url) ? $thisApp->redirect_url : $redirect_url ); |
126 | 126 |
?> |
127 | 127 |
<form name="login" action="<?php echo LOGIN_URL; ?>" method="post"> |
highly critical security-fix
announced on http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt