http/s should be in the url, not the otherway around

Signed-off-by: emanuele <emanuele45@gmail.com>
emanuele45 · Dec 22, 2013 · 0db15e9 · 0db15e9
1 parent d4a0053
commit 0db15e9
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/sources/controllers/Auth.controller.php b/sources/controllers/Auth.controller.php
@@ -432,7 +432,7 @@ public function action_logout($internal = false, $redirect = true)
 		{
 			if (empty($_SESSION['logout_url']))
 				redirectexit('', $context['server']['needs_login_fix']);
-			elseif (!empty($_SESSION['logout_url']) && (strpos('http://', $_SESSION['logout_url']) === false && strpos('https://', $_SESSION['logout_url']) === false))
+			elseif (!empty($_SESSION['logout_url']) && (substr($_SESSION['logout_url'], 0, 7) !== 'http://' && substr($_SESSION['logout_url'], 0, 8) !== 'https://'))
 			{
 				unset($_SESSION['logout_url']);
 				redirectexit();
@@ -546,7 +546,7 @@ public function action_check()
 			// Some whitelisting for login_url...
 			if (empty($_SESSION['login_url']))
 				redirectexit();
-			elseif (!empty($_SESSION['login_url']) && (strpos('http://', $_SESSION['login_url']) === false && strpos('https://', $_SESSION['login_url']) === false))
+			elseif (!empty($_SESSION['login_url']) && (substr($_SESSION['login_url'], 0, 7) !== 'http://' && substr($_SESSION['login_url'], 0, 8) !== 'https://'))
 			{
 				unset($_SESSION['login_url']);
 				redirectexit();