
Revision 1834

Added by Dietmar almost 12 years ago

  1. fixed redirect checking in class.login.php


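--- a/branches/2.8.x/CHANGELOG
+++ b/branches/2.8.x/CHANGELOG
@@ -13,6 +13,8 @@
 
 
 
+10 Dez-2012 Build 1834 Dietmar Woellbrink (Luisehahne)
+# fixed redirect checking in class.login.php
 10 Dez-2012 Build 1833 Dietmar Woellbrink (Luisehahne)
 # security fix CRLF injection/HTTP response splitting
 09 Dez-2012 Build 1832 Dietmar Woellbrink (Luisehahne)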
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.3');
54
if(!defined('REVISION')) define('REVISION', '1833');
54
if(!defined('REVISION')) define('REVISION', '1834');
55 55
if(!defined('SP')) define('SP', '');
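--- a/branches/2.8.x/wb/framework/class.login.php
+++ b/branches/2.8.x/wb/framework/class.login.php
@@ -69,20 +69,22 @@
 			$this->password_len = strlen($this->password);
 		}
 
+		$aServerUrl = $this->mb_parse_url(WB_URL);
+
         $sServerUrl = $_SERVER['SERVER_NAME'];        
-        $sServerScheme = $_SERVER['REQUEST_SCHEME'];        
+        $sServerScheme = isset($_SERVER['REQUEST_SCHEME']) ? $_SERVER['REQUEST_SCHEME'] : isset($aServerUrl['scheme']) ? $aServerUrl['scheme'] : ' http';        
         $sServerPath = $_SERVER['SCRIPT_NAME'];        
 		// If the url is blank, set it to the default url
 		$this->url = $this->get_post('url');
-        $aUrl = parse_url( $this->url );
+        $aUrl = $this->mb_parse_url( $this->url );
         $this->url = isset($aRedirecthUrl['host']) &&($sServerUrl==$aUrl['host']) ? $this->url:ADMIN_URL.'/start/index.php';        
 		if ($this->redirect_url!='') {
-            $aRedirecthUrl = parse_url( $this->redirect_url );
+            $aRedirecthUrl = $this->mb_parse_url( $this->redirect_url );
             $this->redirect_url = isset($aRedirecthUrl['host']) &&($sServerUrl==$aRedirecthUrl['host']) ? $this->redirect_url:$sServerScheme.'://'.$sServerUrl;        
 			$this->url = $this->redirect_url;
 		}
 		if(strlen($this->url) < 2) {
-            $aDefaultUrl = parse_url( $this->default_url );
+            $aDefaultUrl = $this->mb_parse_url( $this->default_url );
             $this->default_url = isset($aDefaultUrl['host']) &&($sServerUrl==$aDefaultUrl['host']) ? $this->default_url:$sServerScheme.'://'.$sServerUrl;        
 			$this->url = $this->default_url;
 		}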
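Review bot: The new `$sServerScheme` line chains two ternaries without parentheses; PHP before 8.0 groups them left to right, so a set `REQUEST_SCHEME` selects `$aServerUrl['scheme']` instead of itself, and PHP 8 rejects the expression outright. The last fallback `' http'` also carries a leading space, which would end up in the `$sServerScheme.'://'.$sServerUrl` redirect target. I would write `$sServerScheme = isset($_SERVER['REQUEST_SCHEME']) ? $_SERVER['REQUEST_SCHEME'] : (isset($aServerUrl['scheme']) ? $aServerUrl['scheme'] : 'http');`. Separately, the unchanged check on `$this->url` tests `isset($aRedirecthUrl['host'])` before that variable is assigned, so it probably meant `$aUrl`, and the three host comparisons still trust `$_SERVER['SERVER_NAME']`, which under some server configurations follows the request's Host header; `$aServerUrl['host']` from the configured WB_URL looks like the safer reference. The enclosing method starts and ends outside the hunk.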
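--- a/branches/2.8.x/wb/framework/class.wb.php
+++ b/branches/2.8.x/wb/framework/class.wb.php
@@ -79,6 +79,21 @@
   	}
 
 
+    /**
+     * Created parse_url utf-8 compatible function
+     * 
+     * @param string $url The string to decode
+     * @return array Associative array containing the different components
+     * 
+     */
+    public function mb_parse_url($url) {
+        $encodedUrl = preg_replace('%[^:/?#&=\.]+%usDe', 'urlencode(\'$0\')', $url);
+        $components = parse_url($encodedUrl);
+        foreach ($components as &$component)
+            $component = urldecode($component);
+        return $components;
+    }
+
 /* ****************
  * check if one or more group_ids are in both group_lists
  *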
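Review bot: `mb_parse_url()` relies on the `e` modifier in `preg_replace`, which evaluates the replacement string as PHP code for every match; that modifier was deprecated in PHP 5.5 and removed in 7.0, and it is a risky construct to run login-form URLs through. The same encoding is available without code evaluation via `$encodedUrl = preg_replace_callback('%[^:/?#&=\.]+%usD', function ($aMatch) { return urlencode($aMatch[0]); }, $url);`. `parse_url()` returns `false` for URLs it cannot parse, so the `foreach` should be guarded, e.g. `if (!is_array($components)) { return array(); }`, which also keeps the documented `@return array` true. The docblock could additionally state that every component, including `port`, comes back as a urldecoded string.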
