Revision 1596

Added by Dietmar over 12 years ago

highly critical security-fix
announced on http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt

View differences:

index.php
121 121
		
122 122
<?php
123 123
		if(FRONTEND_LOGIN AND !$wb->is_authenticated() AND VISIBILITY != 'private' ) {
124
			$redirect_url = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : WB_URL );
124
			$redirect_url = ((isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') ? $_SERVER['HTTP_REFERER'] : WB_URL );
125 125
			$redirect_url = (isset($thisApp->redirect_url) ? $thisApp->redirect_url : $redirect_url );
126 126
?>
127 127
		<form name="login" action="<?php echo LOGIN_URL; ?>" method="post">
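
Review bot: On the changed line 124, $redirect_url is still taken straight from $_SERVER['HTTP_REFERER'], a client-supplied header, and the only new condition is that it is not an empty string. Nothing in this hunk restricts the value to the site's own URLs or encodes it, so consider accepting the referer only when it starts with WB_URL (falling back to WB_URL otherwise) and escaping $redirect_url at the point where it is written into the page or used for a redirect, which is outside the lines shown. The same applies to $thisApp->redirect_url on line 125, which overrides the referer with no check visible here.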
