bug 1484: prevent XSS vulnerability, encode url.

improvement: no need to transmit the REQUEST_URI from PHP, Smarty already knows it. git-svn-id: http://piwigo.org/svn/trunk@5990 68402e56-0260-453c-a942-63ccdbb3a9ee
Piwigo · Apr 29, 2010 · e748708 · e748708
1 parent ba70c8f
commit e748708
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 4 deletions.
diff --git a/identification.php b/identification.php
@@ -54,7 +54,7 @@
   }
   else
   { 
-    $redirect_to = isset($_POST['redirect']) ? $_POST['redirect'] : '';
+    $redirect_to = isset($_POST['redirect']) ? urldecode($_POST['redirect']) : '';
     $remember_me = isset($_POST['remember_me']) and $_POST['remember_me']==1;
     if ( try_log_user($_POST['username'], $_POST['password'], $remember_me) )
     {

diff --git a/include/block.class.php b/include/block.class.php
@@ -134,7 +134,6 @@ public function apply($var, $file)
     global $template;
 
     $template->set_filename('menubar', $file);
-    $template->assign(array('U_REDIRECT' => $_SERVER['REQUEST_URI']));
     trigger_action('blockmanager_apply', array(&$this) );
 
     foreach( $this->display_blocks as $id=>$block)

diff --git a/themes/default/template/identification.tpl b/themes/default/template/identification.tpl
@@ -21,7 +21,7 @@
   <fieldset>
     <legend>{'Connection settings'|@translate}</legend>
 
-    <input type="hidden" name="redirect" value="{$U_REDIRECT}">
+    <input type="hidden" name="redirect" value="{$U_REDIRECT|urlencode}">
 
     <ul>
       <li>

diff --git a/themes/default/template/menubar_identification.tpl b/themes/default/template/menubar_identification.tpl
@@ -28,7 +28,7 @@
 
 	{if isset($U_LOGIN)}
 	<form method="post" action="{$U_LOGIN}" id="quickconnect">
-        <input type="hidden" name="redirect" value="{$U_REDIRECT}">
+        <input type="hidden" name="redirect" value="{$smarty.server.REQUEST_URI|urlencode}">
 	<fieldset>
 	<legend>{'Quick connect'|@translate}</legend>
 	<div>