Revision 1833
Added by Dietmar over 11 years ago
- security fix: CRLF injection / HTTP response splitting
login_form.php | ||
---|---|---|
24 | 24 |
/* -------------------------------------------------------- */ |
25 | 25 |
|
26 | 26 |
// Generate username field name |
27 |
$username_fieldname = 'username'; |
|
28 |
$password_fieldname = 'password'; |
|
27 |
$username_fieldname = 'username_';
|
|
28 |
$password_fieldname = 'password_';
|
|
29 | 29 |
$output = ''; |
30 | 30 |
msgQueue::clear(); |
31 | 31 |
|
... | ... | |
37 | 37 |
$username_fieldname .= $temp[$i]; |
38 | 38 |
$password_fieldname .= $temp[$i]; |
39 | 39 |
} |
40 |
} else { |
|
41 |
$username_fieldname = 'username'; |
|
42 |
$password_fieldname = 'password'; |
|
40 | 43 |
} |
41 | 44 |
|
42 | 45 |
$thisApp->redirect_url = (isset($thisApp->redirect_url) && ($thisApp->redirect_url!='') ? $thisApp->redirect_url : $_SESSION['HTTP_REFERER'] ); |
43 |
|
|
46 |
//$thisApp->redirect_url = ''; |
|
44 | 47 |
$sIncludeHeadLinkCss = ''; |
45 | 48 |
if( is_readable(WB_PATH .'/account/frontend.css')) { |
46 | 49 |
$sIncludeHeadLinkCss .= '<link href="'.WB_URL.'/account/frontend.css"'; |
... | ... | |
65 | 68 |
'WB_URL' => WB_URL, |
66 | 69 |
'THEME_URL' => THEME_URL, |
67 | 70 |
'TEMPLATE_URL' => TEMPLATE_DIR, |
68 |
'HTTP_REFERER' => $_SESSION['HTTP_REFERER'],
|
|
71 |
'HTTP_REFERER' => $thisApp->redirect_url,
|
|
69 | 72 |
'CSS_BLOCK' => $sIncludeHeadLinkCss, |
70 | 73 |
'MESSAGE_VALUE' => '', |
71 | 74 |
'ERROR_VALUE' => '', |
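Review bot: Nothing in this section strips CR/LF from `$thisApp->redirect_url` before it is handed to the template as HTTP_REFERER at new line 71, and line 45 still falls back to the raw `$_SESSION['HTTP_REFERER']`, so the response-splitting fix named in the commit message presumably lives where redirect_url is assigned; that dependency deserves a comment at line 71 such as `// redirect_url is CR/LF-filtered where it is assigned; never emit the raw referer here`, or an explicit guard after line 45, `$thisApp->redirect_url = str_replace(array("\r", "\n"), '', $thisApp->redirect_url);`. The fallback on line 45 also reads `$_SESSION['HTTP_REFERER']` without an isset() check, which raises a notice on a fresh session. The commented-out assignment added at new line 46 is dead code and should be dropped rather than committed. The `if` block closed by the new `} else {` at line 40 starts outside this section.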