
Revision 1596

Added by Dietmar almost 13 years ago

highly critical security-fix
announced on http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt


branches/2.8.x/CHANGELOG
11 11
! = Update/Change
12 12

  
13 13
=========================== add small Features 2.8.2 ==========================
14
04 Feb-2012 Build 1596 Dietmar Woellbrink (Luisehahne)
15
# highly critical security-fix
16
# announced on http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt
14 17
04 Feb-2012 Build 1595 Dietmar Woellbrink (Luisehahne)
15 18
# fix form language vars for better understanding (Tks to Maverik)
16 19
! change request if HTTP_REFERER is not empty in logout.php 
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.2');
54
if(!defined('REVISION')) define('REVISION', '1595');
54
if(!defined('REVISION')) define('REVISION', '1596');
55 55
if(!defined('SP')) define('SP', 'SP2');
branches/2.8.x/wb/account/logout.php
22 22
	setcookie('REMEMBER_KEY', '', time()-3600, '/');
23 23
}
24 24

  
25
$redirect = ((isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) ?  $_SERVER['HTTP_REFERER'] : WB_URL.'/index.php');
25
$redirect = ((isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') ?  $_SERVER['HTTP_REFERER'] : WB_URL.'/index.php');
26 26

  
27 27
$_SESSION['USER_ID'] = null;
28 28
$_SESSION['GROUP_ID'] = null;
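Review bot: `$redirect` on line 25 is still the raw `HTTP_REFERER`; the new comparison only changes how an empty value is detected (`!empty()` also treated the string `'0'` as empty, `!= ''` does not), so the open-redirect fix for this file lives entirely in the rewrite of `$_SERVER['HTTP_REFERER']` done in framework/initialize.php. Whether logout.php is always reached after that rewrite has run is not visible from this hunk; if it can execute without it, logout is still an open redirect. A one-line local guard keeps the file safe on its own, and the `'/'` suffix stops `http://host.attacker.example` from passing a bare prefix test: `if (strpos($redirect, WB_URL.'/') !== 0) { $redirect = WB_URL.'/index.php'; }`. Where `$redirect` is finally used is outside the hunk.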
branches/2.8.x/wb/framework/initialize.php
24 24
//set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH);
25 25

  
26 26
if (file_exists(WB_PATH.'/framework/class.database.php')) {
27

  
27
	$sTmpReferer = '';
28
	if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
29
	        $tmp0 = parse_url($_SERVER['HTTP_REFERER']);
30
	        if ($tmp0 !== false) {
31
	                $tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : '';
32
	                $tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : '';
33
	                $tmp1 = parse_url(WB_URL);
34
	                if ($tmp1 !== false) {
35
	                        $tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : '';
36
	                        $tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : '';
37
	                        if (strpos($tmp0['host'].'/'.$tmp0['path'], $tmp1['host'].'/'.$tmp1['path'])) {
38
	                                $sTmpReferer = WB_URL.$tmp['path'].$tmp[fragment];
39
	                        }
40
	                }
41
	        }
42
	}
43
	$_SERVER['HTTP_REFERER'] = $sTmpReferer;
28 44
	date_default_timezone_set('UTC');
29 45
	require_once(WB_PATH.'/framework/class.database.php');
30 46

  
branches/2.8.x/wb/templates/allcss/index.php
83 83
		show_menu2(0,SM2_ROOT,SM2_CURR+1,SM2_TRIM,'<li><span class="menu-default">[ac][menu_title]</a></span>','</li>','<ul>','</ul>');
84 84
		// CODE FOR WEBSITE BAKER FRONTEND LOGIN
85 85
		if (FRONTEND_LOGIN == 'enabled' && VISIBILITY != 'private' && $wb->get_session('USER_ID') == '') {
86
			$redirect_url = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : WB_URL );
86
			$redirect_url = ((isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') ? $_SERVER['HTTP_REFERER'] : WB_URL );
87 87
			$redirect_url = (isset($thisApp->redirect_url) ? $thisApp->redirect_url : $redirect_url );?>
88 88
			<!-- login form -->
89 89
			<br />
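Review bot: `$redirect_url` on new line 86 is still taken straight from `$_SERVER['HTTP_REFERER']`, so the line is only safe when the referer rewrite in framework/initialize.php has already run for this request; the template alone cannot show that, and what is done with `$redirect_url` after line 87 (presumably a hidden field in the login form that follows) is outside the hunk. If it is echoed into HTML it must be escaped for that context, e.g. `htmlspecialchars($redirect_url, ENT_QUOTES, 'UTF-8')`, regardless of whether the value was validated upstream. The loose `!= ''` would read better as the strict `!== ''`, since `$_SERVER` values are always strings here.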
branches/2.8.x/wb/templates/round/index.php
121 121
		
122 122
<?php
123 123
		if(FRONTEND_LOGIN AND !$wb->is_authenticated() AND VISIBILITY != 'private' ) {
124
			$redirect_url = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : WB_URL );
124
			$redirect_url = ((isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') ? $_SERVER['HTTP_REFERER'] : WB_URL );
125 125
			$redirect_url = (isset($thisApp->redirect_url) ? $thisApp->redirect_url : $redirect_url );
126 126
?>
127 127
		<form name="login" action="<?php echo LOGIN_URL; ?>" method="post">
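Review bot: The changed comparison on new line 124 only alters the fallback for an empty referer string; it does not validate the value, so this template, like the allcss one, depends on the referer having been rewritten to a same-site URL before the template executes. A one-line defensive check makes the template safe on its own and costs nothing when the rewrite did run: `if (strpos($redirect_url, WB_URL.'/') !== 0) { $redirect_url = WB_URL; }` placed before line 125, so that `$thisApp->redirect_url` still takes precedence. How `$redirect_url` is emitted in the form that starts on line 127 is outside the hunk; in HTML it needs `htmlspecialchars()`.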
