author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2005-11-29 08:50:47 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2005-11-29 08:50:47 +0000 |
commit | 94d993d8383710dbc87ea12e2a978e43e26f78e2 (patch) | |
tree | 20544d78de6754abe36a1b0a8b78f03e0c95a176 /login.php | |
parent | bda730ec5f252c4dc436efcee498b50b2df8c59a (diff) | |
fixed another snoopy flaw and cleaned up for alpha3s release
Diffstat (limited to 'login.php')
-rw-r--r-- | login.php | 16 |
1 files changed, 12 insertions, 4 deletions
@@ -69,10 +69,18 @@ if ( ($auth['success'] == 1)) { // but naming this 'user' didn't work at all // $_SESSION['userdata'] = $auth['info']; - // Make sure they are actually trying to get to this site - if (strstr($_POST['referrer'], conf('web_path')) AND !strstr($_POST['referrer'],"install.php") AND !strstr($_POST['referrer'],"login.php") AND !strstr($_POST['referrer'],"update.php")) { - header("Location: " . $_POST['referrer']); - exit(); + + /* Make sure they are actually trying to get to this site and don't try to redirect them back into + * an admin section + **/ + if (strstr($_POST['referrer'], conf('web_path')) AND + !strstr($_POST['referrer'],"install.php") AND + !strstr($_POST['referrer'],"login.php") AND + !strstr($_POST['referrer'],"update.php") AND + !strstr($_POST['referrer'],"admin")) { + + header("Location: " . $_POST['referrer']); + exit(); } // if we've got a referrer header("Location: " . conf('web_path') . "/index.php"); exit(); |
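Review bot: The site check in the new `if` is still a substring match: `strstr($_POST['referrer'], conf('web_path'))` passes whenever the web path appears anywhere in the posted value, so `header("Location: " . $_POST['referrer'])` can send a freshly authenticated user to another host (an open redirect). Anchoring the comparison to the start of the value closes that, e.g. `strpos($_POST['referrer'], conf('web_path') . '/') === 0 AND`. The new `"admin"` entry, like the other exclusions, is a case-sensitive substring deny-list, so it also rejects legitimate paths that merely contain "admin" and should not be relied on as the access control for the admin section; that presumably lives in the admin pages themselves, which the hunk does not show. The enclosing `if ( ($auth['success'] == 1))` block starts above the hunk.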