diff options
author | Andrew Dolgov <[email protected]> | 2023-03-23 20:05:03 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2023-03-23 20:05:03 +0300 |
commit | 563675de095fef98a8eb2fc7b948845b6a693eb5 (patch) | |
tree | 0ac411774dc2fd65dae380d772ee55dd5e9fa1a3 /classes | |
parent | 0f9488ace075b62bbc38ca77ce5a1b7c881a3a3e (diff) |
* auth_internal OTP form: fix double-urlencode
* post-login redirect: handle ?return in a less idiotic fashion
Diffstat (limited to 'classes')
-rwxr-xr-x | classes/handler/public.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php index d776e27cd..d7a7010fe 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -416,10 +416,10 @@ class Handler_Public extends Handler { $_SESSION["login_error_msg"] ??= __("Incorrect username or password"); } - $return = clean($_REQUEST['return']); + $return = clean($_REQUEST['return'] ?? ''); - if ($_REQUEST['return'] && mb_strpos($return, Config::get_self_url()) === 0) { - header("Location: " . clean($_REQUEST['return'])); + if ($return && mb_strpos($return, Config::get_self_url()) === 0) { + header("Location: $return"); } else { header("Location: " . Config::get_self_url()); } |