From 20be358ec29d830bdccef49c47c5d84e6c53aa28 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 11 Sep 2014 23:01:58 -0700 Subject: bad redirects --- include/security.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'include') diff --git a/include/security.php b/include/security.php index 2ccfc6973..0f2edc708 100644 --- a/include/security.php +++ b/include/security.php @@ -46,6 +46,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive if(($a->module !== 'home') && x($_SESSION,'login_return_url') && strlen($_SESSION['login_return_url'])) { $return_url = $_SESSION['login_return_url']; + + // don't let members get redirected to a raw ajax page update - this can happen + // if DHCP changes the IP address at an unfortunate time and paranoia is turned on + if(strstr($return_url,'update_')) + $return_url = ''; + unset($_SESSION['login_return_url']); goaway($a->get_baseurl() . '/' . $return_url); } -- cgit v1.2.3
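Review bot: The new `strstr($return_url,'update_')` test matches the substring anywhere in the stored URL, so a legitimate return target whose path or query string merely contains `update_` is also reset to the site root, while any other non-navigable endpoint still passes through. If the intent is only to block the ajax update modules, anchoring the check to the start of the path would be tighter, e.g. `if(strpos($return_url,'update_') === 0) $return_url = '';`; this assumes `login_return_url` is stored without a leading slash, which the `'/' . $return_url` concatenation suggests but the hunk does not show. Because this value decides where a freshly authenticated session is sent, it would be more robust to avoid recording ajax requests as `login_return_url` at the point where it is set (outside this hunk) than to filter at redirect time. The body of authenticate_success starts and ends outside the hunk.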