Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1595)
+++ branches/2.8.x/CHANGELOG	(revision 1596)
@@ -11,6 +11,9 @@
 ! = Update/Change
 
 =========================== add small Features 2.8.2 ==========================
+04 Feb-2012 Build 1596 Dietmar Woellbrink (Luisehahne)
+# highly critical security-fix
+# announced on http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt
 04 Feb-2012 Build 1595 Dietmar Woellbrink (Luisehahne)
 # fix form language vars for better understanding (Tks to Maverik)
 ! change request if HTTP_REFERER is not empty in logout.php 
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1595)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1596)
@@ -51,5 +51,5 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.2');
-if(!defined('REVISION')) define('REVISION', '1595');
+if(!defined('REVISION')) define('REVISION', '1596');
 if(!defined('SP')) define('SP', 'SP2');
Index: branches/2.8.x/wb/account/logout.php
===================================================================
--- branches/2.8.x/wb/account/logout.php	(revision 1595)
+++ branches/2.8.x/wb/account/logout.php	(revision 1596)
@@ -22,7 +22,7 @@
 	setcookie('REMEMBER_KEY', '', time()-3600, '/');
 }
 
-$redirect = ((isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) ?  $_SERVER['HTTP_REFERER'] : WB_URL.'/index.php');
+$redirect = ((isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') ?  $_SERVER['HTTP_REFERER'] : WB_URL.'/index.php');
 
 $_SESSION['USER_ID'] = null;
 $_SESSION['GROUP_ID'] = null;
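Review bot: The redirect built from `$_SERVER['HTTP_REFERER']` on the changed line is only safe because `framework/initialize.php` rewrites that variable to a same-site value or `''` before this file runs, and nothing here records that dependency; a later reader may well assume the referer is still the raw request header. Add above the assignment `// HTTP_REFERER is normalised (same-site or '') in framework/initialize.php; the fallback below only covers the empty case`. The same silent dependency exists at the matching `$redirect_url` lines in `templates/allcss/index.php` and `templates/round/index.php`. Note also that `!= ''` is a loose comparison; `!== ''` expresses the same intent without relying on string coercion rules.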
Index: branches/2.8.x/wb/framework/initialize.php
===================================================================
--- branches/2.8.x/wb/framework/initialize.php	(revision 1595)
+++ branches/2.8.x/wb/framework/initialize.php	(revision 1596)
@@ -24,7 +24,23 @@
 //set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH);
 
 if (file_exists(WB_PATH.'/framework/class.database.php')) {
-
+	$sTmpReferer = '';
+	if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
+	        $tmp0 = parse_url($_SERVER['HTTP_REFERER']);
+	        if ($tmp0 !== false) {
+	                $tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : '';
+	                $tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : '';
+	                $tmp1 = parse_url(WB_URL);
+	                if ($tmp1 !== false) {
+	                        $tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : '';
+	                        $tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : '';
+	                        if (strpos($tmp0['host'].'/'.$tmp0['path'], $tmp1['host'].'/'.$tmp1['path'])) {
+	                                $sTmpReferer = WB_URL.$tmp['path'].$tmp[fragment];
+	                        }
+	                }
+	        }
+	}
+	$_SERVER['HTTP_REFERER'] = $sTmpReferer;
 	date_default_timezone_set('UTC');
 	require_once(WB_PATH.'/framework/class.database.php');
 
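Review bot: The assignment `$sTmpReferer = WB_URL.$tmp['path'].$tmp[fragment];` reads `$tmp`, which is never set (the parsed referer lives in `$tmp0`), and `fragment` is a bare constant rather than `'fragment'`, so on a match the result collapses to `WB_URL` plus notices and the referer path is always lost. The `strpos(...)` on the line above is used as a boolean, so a referer whose host/path begins at offset 0 — the legitimate same-site case — is rejected while an occurrence anywhere later in the string is accepted; the condition should be `if (strpos($tmp0['host'].'/'.$tmp0['path'], $tmp1['host'].'/'.$tmp1['path']) === 0) {`, and an exact `===` comparison of the two hosts would be stricter still. The assignment should then read `$sTmpReferer = WB_URL.$tmp0['path'].(isset($tmp0['fragment']) ? '#'.$tmp0['fragment'] : '');`, though whether `WB_URL` should be joined to the full referer path or only to the part after `WB_URL`'s own path is not visible here and needs confirming. The block mixes a tab with runs of eight spaces for indentation, unlike the surrounding file. The enclosing `if (file_exists(...))` block continues past the hunk.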
Index: branches/2.8.x/wb/templates/allcss/index.php
===================================================================
--- branches/2.8.x/wb/templates/allcss/index.php	(revision 1595)
+++ branches/2.8.x/wb/templates/allcss/index.php	(revision 1596)
@@ -83,7 +83,7 @@
 		show_menu2(0,SM2_ROOT,SM2_CURR+1,SM2_TRIM,'<li><span class="menu-default">[ac][menu_title]</a></span>','</li>','<ul>','</ul>');
 		// CODE FOR WEBSITE BAKER FRONTEND LOGIN
 		if (FRONTEND_LOGIN == 'enabled' && VISIBILITY != 'private' && $wb->get_session('USER_ID') == '') {
-			$redirect_url = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : WB_URL );
+			$redirect_url = ((isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') ? $_SERVER['HTTP_REFERER'] : WB_URL );
 			$redirect_url = (isset($thisApp->redirect_url) ? $thisApp->redirect_url : $redirect_url );?>
 			<!-- login form -->
 			<br />
Index: branches/2.8.x/wb/templates/round/index.php
===================================================================
--- branches/2.8.x/wb/templates/round/index.php	(revision 1595)
+++ branches/2.8.x/wb/templates/round/index.php	(revision 1596)
@@ -121,7 +121,7 @@
 		
 <?php
 		if(FRONTEND_LOGIN AND !$wb->is_authenticated() AND VISIBILITY != 'private' ) {
-			$redirect_url = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : WB_URL );
+			$redirect_url = ((isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') ? $_SERVER['HTTP_REFERER'] : WB_URL );
 			$redirect_url = (isset($thisApp->redirect_url) ? $thisApp->redirect_url : $redirect_url );
 ?>
 		<form name="login" action="<?php echo LOGIN_URL; ?>" method="post">
