diff options
author | Andrew Dolgov <[email protected]> | 2023-03-23 20:05:03 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2023-03-23 20:05:03 +0300 |
commit | 563675de095fef98a8eb2fc7b948845b6a693eb5 (patch) | |
tree | 0ac411774dc2fd65dae380d772ee55dd5e9fa1a3 /plugins/auth_internal | |
parent | 0f9488ace075b62bbc38ca77ce5a1b7c881a3a3e (diff) |
* auth_internal OTP form: fix double-urlencode
* post-login redirect: handle ?return in a less idiotic fashion
Diffstat (limited to 'plugins/auth_internal')
-rw-r--r-- | plugins/auth_internal/init.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php index f113cd31e..697d0d0d2 100644 --- a/plugins/auth_internal/init.php +++ b/plugins/auth_internal/init.php @@ -36,7 +36,7 @@ class Auth_Internal extends Auth_Base { return false; } else { - $return = urlencode($_REQUEST["return"]); + $return = urlencode(with_trailing_slash($_REQUEST["return"])); ?> <!DOCTYPE html> <html> @@ -81,7 +81,7 @@ class Auth_Internal extends Auth_Base { <body class="flat ttrss_utility otp css_loading"> <h1><?= __("Authentication") ?></h1> <div class="content"> - <form dojoType="dijit.form.Form" action="public.php?return=<?= urlencode(with_trailing_slash($return)) ?>" method="post" class="otpform"> + <form dojoType="dijit.form.Form" action="public.php?return=<?= $return ?>" method="post" class="otpform"> <?php foreach (["login", "password", "bw_limit", "safe_mode", "remember_me", "profile"] as $key) { print \Controls\hidden_tag($key, $_POST[$key] ?? ""); |