Browse code

Ermögliche Angabe einer Redirect-URL für den Cert-Login

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1355 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on30/04/2009 19:27:39
Showing1 changed files
... ...
@@ -38,7 +38,7 @@ function get_logins_by_cert($cert)
38 38
 
39 39
 DEBUG($_ENV);
40 40
 
41
-if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']))
41
+if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto']))
42 42
 {
43 43
   DEBUG('recording client-cert');
44 44
   if (isset($_ENV['REDIRECT_SSL_CLIENT_CERT']))
... ...
@@ -67,6 +67,8 @@ elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
67 67
       $destination = 'go/index/index';
68 68
       if (check_path($account['startpage']))
69 69
         $destination = $account['startpage'];
70
+      if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination']))
71
+        $destination = $_REQUEST['destination'];
70 72
       header('Location: ../'.$destination);
71 73
       die();
72 74
     }
... ...
@@ -87,6 +89,8 @@ else
87 89
       $destination = 'go/index/index';
88 90
       if (check_path($ret[0]['startpage']))
89 91
         $destination = $ret[0]['startpage'];
92
+      if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination']))
93
+        $destination = $_REQUEST['destination'];
90 94
       header('Location: ../'.$destination);
91 95
       die();
92 96
     }
... ...
@@ -100,7 +104,7 @@ else
100 104
       elseif ($account['type'] == 'customer') {
101 105
         $type = 'Kundenaccount';
102 106
       }
103
-      output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username'])).'</li>');
107
+      output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username']).'&destination='.urlencode($destination)).'</li>');
104 108
     }
105 109
     output('</ul>');
106 110
   } else {