From dad3217cb05578e66bbf3c2edb1ec38228b47301 Mon Sep 17 00:00:00 2001
From: michaeljoseph
Date: Thu, 8 Jul 2004 09:45:28 +0000
Subject: [PATCH] #986627- removed redirect variable sanitisation- the redirect variable is used to lookup a page in the SiteMap, so this prevents a malicious redirect from being used.
---
 presentation/login.php | 1 -
 1 file changed, 0 insertions(+), 1 deletion(-)
diff --git a/presentation/login.php b/presentation/login.php
index d40a9e8..a861ac8 100644
--- a/presentation/login.php
+++ b/presentation/login.php
@@ -112,7 +112,6 @@ if ($loginAction == "loginForm") {
 // check for a location to forward to
 if (isset($redirect) && strlen(trim($redirect))>0) {
- $redirect = sanitize($redirect);
 // remove any params from redirect before looking up from sitemap
 if (strstr($redirect, "?")) {
 $queryString = substr($redirect, strpos($redirect, "?")+1, strlen($redirect));
-- 
libgit2 0.21.4
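Review bot: Dropping `sanitize()` leaves `$queryString`, which is cut from `$redirect` at the `?` in the lines that follow, as raw request input; the SiteMap lookup named in the commit message constrains only the page part of the value. Where that query string is consumed lies outside this hunk (the `if` body continues past it), so this is something to confirm rather than a proven defect: if it is appended to the redirect target or written into HTML, it needs CR/LF stripping or context-appropriate encoding at that point. I would record the trust decision where the removed line was, e.g. `// $redirect is untrusted: only the SiteMap lookup result may become the target; $queryString is not validated here`. A failed SiteMap lookup should presumably fall back to a fixed default page rather than to the supplied value.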