webtrees

Invalid redirection when Login URL is not empty

Bug #913486 reported by François Morris on 2012-01-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	webtrees	Fix Released	Low	fisharebest

Line 93 of library/WT/Controller/Base.php (version 1.2.6) is incorrect:

header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.get_site_setting('LOGIN_URL', login.php').'?url='.rawurlencode(get_query_url()));

when LOGIN_URL contains a full URL, it must not be prefixed with WT_SERVER_NAME.WT_SCRIPT_PATH

I have written a quick fix.

Revision history for this message

François Morris (fm31416) wrote on 2012-01-08:

Revision history for this message

fisharebest (fisharebest) wrote on 2012-01-15:

This value needs to be an absolute URL.

Yet the default value of "login.php" is created during setup.php

This needs to be corrected.

Changed in webtrees:
assignee:	nobody → fisharebest (fisharebest)
importance:	Undecided → Low
status:	New → In Progress

Revision history for this message

fisharebest (fisharebest) wrote on 2012-01-15:

....and the code has many hard-coded references to login.php

These must also be corrected....

fisharebest (fisharebest) on 2012-02-01

Changed in webtrees:
status:	In Progress → Fix Committed

Revision history for this message

fisharebest (fisharebest) wrote on 2012-02-13:

Fix released in webtrees 1.2.7

Changed in webtrees:
status:	Fix Committed → Fix Released

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.