Transient login form can't handle array variables
Bug #1480764 reported by
Aaron Wells
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Low
|
Aaron Wells | ||
15.10 |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
You know how, when you're logged out of Mahara and you try to go to a page that isn't shared with the public, and you see a login form? We call that the "transient login page".
It tries to be smart and remember the URL that you were trying to reach, and then forward you on there again after you log in. But the code that does just iterates over $_GET and runs htmlspecialchars() on each key & value. And this causes problems if the URL contains array values, i.e. http://
Changed in mahara: | |
status: | In Progress → Fix Committed |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Patch for "master" branch: https:/ /reviews. mahara. org/5036