* auth_internal OTP form: fix double-urlencode

* post-login redirect: handle ?return in a less idiotic fashion
Andrew Dolgov
2023-03-23 20:05:03 +03:00
parent 0f9488ace0
commit 563675de09
2 changed files with 5 additions and 5 deletions


@@ -416,10 +416,10 @@ class Handler_Public extends Handler {
$_SESSION["login_error_msg"] ??= __("Incorrect username or password");
}
$return = clean($_REQUEST['return']);
$return = clean($_REQUEST['return'] ?? '');
if ($_REQUEST['return'] && mb_strpos($return, Config::get_self_url()) === 0) {
header("Location: " . clean($_REQUEST['return']));
if ($return && mb_strpos($return, Config::get_self_url()) === 0) {
header("Location: $return");
} else {
header("Location: " . Config::get_self_url());
}
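Review bot: The prefix test on `$return` in the new `if` does not stop at a URL boundary, so a value that only shares its leading characters with `Config::get_self_url()` but resolves to a different host or path would still be accepted as the post-login redirect target. Whether this is reachable depends on whether `get_self_url()` returns a trailing slash, which is not visible in this hunk. Anchoring the comparison would remove the dependency: `$base = rtrim(Config::get_self_url(), '/');` followed by `if ($return === $base || mb_strpos($return, "$base/") === 0) {`. The enclosing method starts and ends outside the hunk, so any earlier validation of `return` is not visible here.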