Invalid redirection when Login URL is not empty

Bug #913486 reported by François Morris on 2012-01-08
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
webtrees
Fix Released
Low
fisharebest

Bug Description

Line 93 of library/WT/Controller/Base.php (version 1.2.6) is incorrect:

header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.get_site_setting('LOGIN_URL', login.php').'?url='.rawurlencode(get_query_url()));

 when LOGIN_URL contains a full URL, it must not be prefixed with WT_SERVER_NAME.WT_SCRIPT_PATH

I have written a quick fix.

François Morris (fm31416) wrote :
fisharebest (fisharebest) wrote :

This value needs to be an absolute URL.

Yet the default value of "login.php" is created during setup.php

This needs to be corrected.

Changed in webtrees:
assignee: nobody → fisharebest (fisharebest)
importance: Undecided → Low
status: New → In Progress
fisharebest (fisharebest) wrote :

....and the code has many hard-coded references to login.php

These must also be corrected....

Changed in webtrees:
status: In Progress → Fix Committed
fisharebest (fisharebest) wrote :

Fix released in webtrees 1.2.7

Changed in webtrees:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers