[Rt-commit] rt branch, 3.8-trunk, updated. rt-3.8.7-135-gd4b68f0

sartak at bestpractical.com
Thu Feb 4 00:35:12 EST 2010


The branch, 3.8-trunk has been updated
       via  d4b68f0757932036ebb8d02c380447e6192a7af4 (commit)
      from  729ba900e405db476f24b16b5b4132a5b3326190 (commit)

Summary of changes:
 share/html/Elements/Login |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

- Log -----------------------------------------------------------------
commit d4b68f0757932036ebb8d02c380447e6192a7af4
Author: Shawn M Moore <sartak at bestpractical.com>
Date:   Thu Feb 4 00:34:12 2010 -0500

    Sanitize form_action in Login

diff --git a/share/html/Elements/Login b/share/html/Elements/Login
index 8dfbe51..38fa82e 100755
--- a/share/html/Elements/Login
+++ b/share/html/Elements/Login
@@ -64,6 +64,14 @@ my $form_action = defined $goto             ? $goto
                 : defined $req_uri          ? $req_uri
                 :                             RT->Config->Get('WebPath')
                 ;
+
+# sanitize $form_action
+my $uri = URI->new($form_action);
+
+# You get undef scheme with a relative uri like "/Search/Build.html"
+unless (!defined($uri->scheme) || $uri->scheme eq 'http' || $uri->scheme eq 'https') {
+    $form_action = RT->Config->Get('WebPath');
+}
 </%INIT>
 
 % $m->callback( %ARGS, CallbackName => 'Header' );
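
Review bot: the condition on the `unless` line tests only the scheme, so an absolute `http` or `https` URI pointing at any host is still accepted as `$form_action`, and so is a scheme-relative value such as `//host/path`, for which `$uri->scheme` is undef just like the `/Search/Build.html` case in the comment. Because `$form_action` can be taken from `$goto` and is used as the login form's target, consider additionally requiring that the URI be relative with no authority part, or that its host match RT's own, and falling back to `RT->Config->Get('WebPath')` otherwise. Two smaller points: the `unless (!defined(...) || ... || ...)` double negative would read more clearly as a positive test on a local `$scheme` variable, and the `# sanitize $form_action` comment could say which kinds of values are being rejected and why, so a later reader does not loosen the check by accident.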

-----------------------------------------------------------------------

