author | friendica <info@friendica.com> | 2014-09-11 23:01:58 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-09-11 23:01:58 -0700 |
commit | 20be358ec29d830bdccef49c47c5d84e6c53aa28 (patch) | |
tree | 60c9e5db46aa923ff97a7b25a4080eb70cbc06ff | |
parent | cd7d8455688e63f10a823d936230287d9e88254f (diff) | |
bad redirects
-rw-r--r-- | include/security.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/security.php b/include/security.php index 2ccfc6973..0f2edc708 100644 --- a/include/security.php +++ b/include/security.php @@ -46,6 +46,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive if(($a->module !== 'home') && x($_SESSION,'login_return_url') && strlen($_SESSION['login_return_url'])) { $return_url = $_SESSION['login_return_url']; + + // don't let members get redirected to a raw ajax page update - this can happen + // if DHCP changes the IP address at an unfortunate time and paranoia is turned on + if(strstr($return_url,'update_')) + $return_url = ''; + unset($_SESSION['login_return_url']); goaway($a->get_baseurl() . '/' . $return_url); } |
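Review bot: The added `strstr($return_url,'update_')` test matches the substring anywhere in the stored URL, so a legitimate return target that merely contains `update_` in a later path segment or query string is also reset to the home page. If `login_return_url` holds a base-relative path whose first segment is the module name (the `goaway($a->get_baseurl() . '/' . $return_url)` call below suggests this, but the place where the session value is set is outside this hunk), anchoring the test to the start is tighter: `if(strpos($return_url,'update_') === 0)`. The new `if` also has no braces, so a second statement added under it later would run unconditionally; `if(...) { $return_url = ''; }` avoids that. authenticate_success() starts and ends outside the hunk.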