aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-09-11 23:01:58 -0700
committerfriendica <info@friendica.com>2014-09-11 23:01:58 -0700
commit20be358ec29d830bdccef49c47c5d84e6c53aa28 (patch)
tree60c9e5db46aa923ff97a7b25a4080eb70cbc06ff
parentcd7d8455688e63f10a823d936230287d9e88254f (diff)
downloadvolse-hubzilla-20be358ec29d830bdccef49c47c5d84e6c53aa28.tar.gz
volse-hubzilla-20be358ec29d830bdccef49c47c5d84e6c53aa28.tar.bz2
volse-hubzilla-20be358ec29d830bdccef49c47c5d84e6c53aa28.zip
bad redirects
-rw-r--r--include/security.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/include/security.php b/include/security.php
index 2ccfc6973..0f2edc708 100644
--- a/include/security.php
+++ b/include/security.php
@@ -46,6 +46,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive
if(($a->module !== 'home') && x($_SESSION,'login_return_url') && strlen($_SESSION['login_return_url'])) {
$return_url = $_SESSION['login_return_url'];
+
+ // don't let members get redirected to a raw ajax page update - this can happen
+ // if DHCP changes the IP address at an unfortunate time and paranoia is turned on
+ if(strstr($return_url,'update_'))
+ $return_url = '';
+
unset($_SESSION['login_return_url']);
goaway($a->get_baseurl() . '/' . $return_url);
}