Merge pull request #521 from ArthurHoaro/hotfix/404login

Use generateLocation to set the redirection in login (and don't escape the url)
author: VirtualTam <virtualtam@flibidi.net> 2016-03-24 00:27:15 +0100
committer: VirtualTam <virtualtam@flibidi.net> 2016-03-24 00:27:15 +0100
commit: b2764886c7b52ed98debb90b2ebf075dec5ae2e8 (patch)
tree: 72b3ec6fdf6bad5dbb632a2a6d15a50185995b53 /index.php
parent: 5816801b15e1a0e53f87aa48267243bff44b5f64 (diff)
parent: e15f08d72a7e5f697fe4d64f1bd48465052ca115 (diff)
download: Shaarli-b2764886c7b52ed98debb90b2ebf075dec5ae2e8.tar.gz
Shaarli-b2764886c7b52ed98debb90b2ebf075dec5ae2e8.tar.zst
Shaarli-b2764886c7b52ed98debb90b2ebf075dec5ae2e8.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/index.php b/index.php
index 850b350e..27db10ba 100644
--- a/index.php
+++ b/index.php
@@ -483,7 +483,7 @@ if (isset($_POST['login']))
        if (isset($_POST['returnurl'])) {
            // Prevent loops over login screen.
            if (strpos($_POST['returnurl'], 'do=login') === false) {
-                header('Location: '. escape($_POST['returnurl']));
+                header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST']));
                exit;
            }
        }
author	VirtualTam <virtualtam@flibidi.net>	2016-03-24 00:27:15 +0100
committer	VirtualTam <virtualtam@flibidi.net>	2016-03-24 00:27:15 +0100
commit	b2764886c7b52ed98debb90b2ebf075dec5ae2e8 (patch)
tree	72b3ec6fdf6bad5dbb632a2a6d15a50185995b53 /index.php
parent	5816801b15e1a0e53f87aa48267243bff44b5f64 (diff)
parent	e15f08d72a7e5f697fe4d64f1bd48465052ca115 (diff)
download	Shaarli-b2764886c7b52ed98debb90b2ebf075dec5ae2e8.tar.gz Shaarli-b2764886c7b52ed98debb90b2ebf075dec5ae2e8.tar.zst Shaarli-b2764886c7b52ed98debb90b2ebf075dec5ae2e8.zip

diff --git a/index.php b/index.php index 850b350e..27db10ba 100644 --- a/index.php +++ b/index.php
@@ -483,7 +483,7 @@ if (isset($_POST['login']))
483	if (isset($_POST['returnurl'])) {	483	if (isset($_POST['returnurl'])) {
484	// Prevent loops over login screen.	484	// Prevent loops over login screen.
485	if (strpos($_POST['returnurl'], 'do=login') === false) {	485	if (strpos($_POST['returnurl'], 'do=login') === false) {
486	header('Location: '. escape($_POST['returnurl']));	486	header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST']));
487	exit;	487	exit;
488	}	488	}
489	}	489	}