MDL-41255 fix incorrect redirection logic when changing password

Credit goes to Michael Milette.
moodle · Aug 31, 2013 · 7a3b3ac · 7a3b3ac
1 parent 6cef890
commit 7a3b3ac
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/login/change_password.php b/login/change_password.php
@@ -40,7 +40,7 @@
 if ($return) {
     // this redirect prevents security warning because https can not POST to http pages
     if (empty($SESSION->wantsurl)
-            or stripos(str_replace('https://', 'http://', $SESSION->wantsurl), str_replace('https://', 'http://', $CFG->wwwroot.'/login/change_password.php') === 0)) {
+            or stripos(str_replace('https://', 'http://', $SESSION->wantsurl), str_replace('https://', 'http://', $CFG->wwwroot.'/login/change_password.php')) === 0) {
         $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id";
     } else {
         $returnto = $SESSION->wantsurl;