Revision 1833
Added by Dietmar almost 12 years ago
- security fix CRLF injection/HTTP response splitting
login.php | ||
---|---|---|
70 | 70 |
$loginUrl = WB_URL.'/account/login.php'; |
71 | 71 |
$loginUrl .= (!empty($redirect) ? '?redirect=' .$_SESSION['HTTP_REFERER'] : ''); |
72 | 72 |
|
73 |
$ThemeUrl = WB_URL.$wb->correct_theme_source('warning.html');
|
|
73 |
$WarningUrl = str_replace(WB_PATH,WB_URL,$wb->correct_theme_source('warning.html'));
|
|
74 | 74 |
// Setup template object, parse vars to it, then parse it |
75 | 75 |
$ThemePath = realpath(WB_PATH.$wb->correct_theme_source('loginBox.htt')); |
76 | 76 |
|
77 | 77 |
$thisApp = new Login( |
78 | 78 |
array( |
79 | 79 |
"MAX_ATTEMPS" => "3", |
80 |
"WARNING_URL" => $ThemeUrl."/warning.html",
|
|
80 |
"WARNING_URL" => $WarningUrl,
|
|
81 | 81 |
"USERNAME_FIELDNAME" => 'username', |
82 | 82 |
"PASSWORD_FIELDNAME" => 'password', |
83 | 83 |
"REMEMBER_ME_OPTION" => SMART_LOGIN, |
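Review bot: The `redirect` query value on the `$loginUrl` line is still concatenated raw from `$_SESSION['HTTP_REFERER']`, which is the kind of input a CRLF/response-splitting fix should cover, and this commit leaves it untouched. Encoding it at the point of use, `$loginUrl .= (!empty($redirect) ? '?redirect='.rawurlencode($_SESSION['HTTP_REFERER']) : '');`, keeps CR/LF and `&`/`#` out of the URL however it is later emitted; where the session value is populated and where `$loginUrl` is output are not visible here, so both need confirming. The condition also tests `$redirect` while appending a different variable, which looks unintended. Separately, `str_replace(WB_PATH,WB_URL,...)` only yields a URL if `correct_theme_source()` returns a path containing `WB_PATH`, yet the `loginBox.htt` line still prepends `WB_PATH` to the same method's result, so one of the two is probably wrong. The `new Login(array(` call continues past the end of this section.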