issue #706, force redirection within Piwigo

plegall
2017-06-14 10:23:47 +02:00
parent 4b9b7855f0
commit bbb9c5e6b5
+17 -1
@@ -77,7 +77,23 @@ if (isset($_POST['login']))
if ( try_log_user($_POST['username'], $_POST['password'], $remember_me) ) if ( try_log_user($_POST['username'], $_POST['password'], $remember_me) )
{ {
redirect(empty($redirect_to) ? get_gallery_home_url() : $redirect_to); // security (level 2): force redirect within Piwigo. We redirect to
// absolute root url, including http(s)://, without the cookie path,
// concatenated with $_POST['redirect'] param.
//
// example:
// {redirect (raw) = /piwigo/git/admin.php}
// {get_absolute_root_url = http://localhost/piwigo/git/}
// {cookie_path = /piwigo/git/}
// {host = http://localhost}
// {redirect (final) = http://localhost/piwigo/git/admin.php}
$root_url = get_absolute_root_url();
redirect(
empty($redirect_to)
? get_gallery_home_url()
: substr($root_url, 0, strlen($root_url) - strlen(cookie_path())).$redirect_to
);
} }
else else
{ {
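Review bot: The new `redirect()` call appends `$redirect_to` straight after the scheme-and-host prefix without checking how the value begins, so the same-site guarantee described in the comment holds only when the parameter starts with `/`. A value with a different first character lands in the authority part of the URL rather than the path, and the browser may then resolve a host other than this Piwigo install. I would reject such values before building the URL, for example `if (!empty($redirect_to) && strpos($redirect_to, cookie_path()) !== 0) { $redirect_to = ''; }`, which falls back to `get_gallery_home_url()`; this assumes `cookie_path()` always starts with `/`, as in the comment's example. The `substr()` arithmetic also presumes the root URL ends with the cookie path, which is worth a comment or an explicit check. `$redirect_to` is assigned outside this hunk, so any validation already applied there is not visible here.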