bugfix for redirect $target #1086

OpencachingDeutschland · Aug 28, 2017 · ed4f18b · ed4f18b
1 parent 0327b04
commit ed4f18b
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/htdocs/login.php b/htdocs/login.php
@@ -22,7 +22,14 @@
 $tpl->assign('error', LOGIN_OK);
 
 $target = isset($_REQUEST['target']) ? $_REQUEST['target'] : 'myhome.php';
-if (mb_strtolower(mb_substr($target, 0, 9)) == 'login.php') {
+
+// #1086 important change don't delete it :-)
+$path = parse_url($target, PHP_URL_PATH);
+if ((($path && !file_exists(__DIR__ . '/' . $path)) || !$path) && strpos($target, 'okapi/apps/') !== 0) {
+    $target = 'myhome.php';
+}
+
+if (mb_strtolower(mb_substr($target, 0, 9)) === 'login.php') {
     $target = 'myhome.php';
 }