
API Removed 'BadLoginURL' session var from MemberLoginForm

It was never set in core, and is generally undocumented,
hence just unnecessarily increases the security surface
of this sensitive class.
1 parent b350ded commit 18c9a95996c5f7da59d640e26941299bbd17d15e @chillu chillu committed Feb 5, 2013
Showing with 4 additions and 8 deletions.
  1. +4 −8 security/MemberLoginForm.php
@@ -138,14 +138,10 @@ public function dologin($data) {
if($backURL) Session::set('BackURL', $backURL);
- if($badLoginURL = Session::get("BadLoginURL")) {
- $this->controller->redirect($badLoginURL);
- } else {
- // Show the right tab on failed login
- $loginLink = Director::absoluteURL($this->controller->Link('login'));
- if($backURL) $loginLink .= '?BackURL=' . urlencode($backURL);
- $this->controller->redirect($loginLink . '#' . $this->FormName() .'_tab');
- }
+ // Show the right tab on failed login
+ $loginLink = Director::absoluteURL($this->controller->Link('login'));
+ if($backURL) $loginLink .= '?BackURL=' . urlencode($backURL);
+ $this->controller->redirect($loginLink . '#' . $this->FormName() .'_tab');
}
}
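Review bot: With the `BadLoginURL` branch gone, `$backURL` is the only caller-influenced value left on this failed-login path, and nothing visible in the hunk checks it before `Session::set('BackURL', $backURL)` or before it is appended to the login link. Where `$backURL` is assigned lies above the hunk (dologin starts outside it), so it may already be validated there. If it comes straight from request data, restrict it to site-local URLs at the point of storage, e.g. `if($backURL && Director::is_site_url($backURL)) Session::set('BackURL', $backURL);`, rather than relying on every later reader of the session value to check it. A short comment such as `// BackURL is request-controlled; only site-local values are stored` would record that assumption next to the code.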
