
Revision 1833

Added by Dietmar over 11 years ago

  1. security fix CRLF injection/HTTP response splitting

View differences:

login.php
70 70
$loginUrl  = WB_URL.'/account/login.php';
71 71
$loginUrl .= (!empty($redirect) ? '?redirect=' .$_SESSION['HTTP_REFERER'] : '');
72 72

  
73
$ThemeUrl  = WB_URL.$wb->correct_theme_source('warning.html');
73
$WarningUrl  = str_replace(WB_PATH,WB_URL,$wb->correct_theme_source('warning.html'));
74 74
// Setup template object, parse vars to it, then parse it
75 75
$ThemePath = realpath(WB_PATH.$wb->correct_theme_source('loginBox.htt'));
76 76

  
77 77
$thisApp = new Login(
78 78
				array(
79 79
						"MAX_ATTEMPS" => "3",
80
						"WARNING_URL" => $ThemeUrl."/warning.html",
80
						"WARNING_URL" => $WarningUrl,
81 81
						"USERNAME_FIELDNAME" => 'username',
82 82
						"PASSWORD_FIELDNAME" => 'password',
83 83
						"REMEMBER_ME_OPTION" => SMART_LOGIN,
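Review bot: The change at old/new line 73 and line 80 only alters how WARNING_URL is built (dropping the doubled "/warning.html" suffix and mapping the filesystem path to a URL via str_replace), while the unchanged context at line 71 still appends $_SESSION['HTTP_REFERER'] to $loginUrl verbatim ('?redirect=' .$_SESSION['HTTP_REFERER']); if that is the CRLF/response-splitting vector the commit message refers to, it is not touched by this hunk, so either encode it here (rawurlencode()) and validate it before it reaches any header, or point in the commit message to where the actual header-side fix lives. Two smaller points: str_replace(WB_PATH,WB_URL,...) silently does nothing if correct_theme_source() returns a URL-relative path rather than one prefixed with WB_PATH, so an assertion or comment on the expected return form would help; and a one-line note in the message naming the input and the header being protected would make the "security fix" label verifiable from the diff.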
