maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

don't add session-id to external redirects, thx to Sephi

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2014-02-19 11:08:43 +01:00
parent 4f4689c4e9
commit d6fdf887ce
4 changed files with 29 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
admin_index.php
View File

@@ -118,13 +118,13 @@ if ($page == 'overview') {
$isnewerversion = 0; $isnewerversion = 0;
} }
} else { } else {
redirectTo($update_check_uri.'/pretty', NULL); redirectTo($update_check_uri.'/pretty', NULL, false);
} }
} else { } else {
redirectTo($update_check_uri.'/pretty', NULL); redirectTo($update_check_uri.'/pretty', NULL, false);
} }
} else { } else {
redirectTo($update_check_uri.'/pretty', NULL); redirectTo($update_check_uri.'/pretty', NULL, false);
} }
} else { } else {
$lookfornewversion_lable = $lng['admin']['lookfornewversion']['clickhere']; $lookfornewversion_lable = $lng['admin']['lookfornewversion']['clickhere'];

6
admin_settings.php
View File

@@ -202,7 +202,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
$log->logAction(ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords"); $log->logAction(ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords");
Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = '';"); Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = '';");
Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'"); Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'");
redirectTo('admin_settings.php', array('s' => $s)); redirectTo($filename, array('s' => $s));
} else { } else {
ask_yesno('admin_cleartextmailpws_reallywipe', $filename, array('page' => $page)); ask_yesno('admin_cleartextmailpws_reallywipe', $filename, array('page' => $page));
@@ -221,7 +221,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
// Set the quota to 0 which means unlimited // Set the quota to 0 which means unlimited
Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota` = '0';"); Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota` = '0';");
Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota_used` = '0'"); Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota_used` = '0'");
redirectTo('admin_settings.php', array('s' => $s)); redirectTo($filename, array('s' => $s));
} else { } else {
ask_yesno('admin_quotas_reallywipe', $filename, array('page' => $page)); ask_yesno('admin_quotas_reallywipe', $filename, array('page' => $page));
@@ -259,7 +259,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
// Update the Customer, if the used quota is bigger than the allowed quota // Update the Customer, if the used quota is bigger than the allowed quota
Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`"); Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`");
$log->logAction(ADM_ACTION, LOG_WARNING, 'enforcing mailquota to all customers: ' . Settings::Get('system.mail_quota') . ' MB'); $log->logAction(ADM_ACTION, LOG_WARNING, 'enforcing mailquota to all customers: ' . Settings::Get('system.mail_quota') . ' MB');
redirectTo('admin_settings.php', array('s' => $s)); redirectTo($filename, array('s' => $s));
} else { } else {
ask_yesno('admin_quotas_reallyenforce', $filename, array('page' => $page)); ask_yesno('admin_quotas_reallyenforce', $filename, array('page' => $page));

30
index.php
View File

@@ -104,7 +104,7 @@ if ($action == 'login') {
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR'])); $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR']));
$rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login."); $rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login.");
redirectTo('index.php', array('showmessage' => '2'), true); redirectTo('index.php', array('showmessage' => '2'));
exit; exit;
} }
} }
@@ -116,7 +116,7 @@ if ($action == 'login') {
$userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC); $userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC);
if ($userinfo['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $userinfo['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'))) { if ($userinfo['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $userinfo['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'))) {
redirectTo('index.php', array('showmessage' => '3'), true); redirectTo('index.php', array('showmessage' => '3'));
exit; exit;
} elseif ($userinfo['password'] == md5($password)) { } elseif ($userinfo['password'] == md5($password)) {
// login correct // login correct
@@ -141,7 +141,7 @@ if ($action == 'login') {
$rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to login with wrong password."); $rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to login with wrong password.");
unset($userinfo); unset($userinfo);
redirectTo('index.php', array('showmessage' => '2'), true); redirectTo('index.php', array('showmessage' => '2'));
exit; exit;
} }
@@ -215,23 +215,23 @@ if ($action == 'login') {
if ($userinfo['adminsession'] == '1') { if ($userinfo['adminsession'] == '1') {
if (hasUpdates($version)) { if (hasUpdates($version)) {
redirectTo('admin_updates.php', array('s' => $s), true); redirectTo('admin_updates.php', array('s' => $s));
} else { } else {
if (isset($_POST['script']) && $_POST['script'] != "") { if (isset($_POST['script']) && $_POST['script'] != "") {
redirectTo($_POST['script'], $qryparams, true); redirectTo($_POST['script'], $qryparams);
} else { } else {
redirectTo('admin_index.php', $qryparams, true); redirectTo('admin_index.php', $qryparams);
} }
} }
} else { } else {
if (isset($_POST['script']) && $_POST['script'] != "") { if (isset($_POST['script']) && $_POST['script'] != "") {
redirectTo($_POST['script'], $qryparams, true); redirectTo($_POST['script'], $qryparams);
} else { } else {
redirectTo('customer_index.php', $qryparams, true); redirectTo('customer_index.php', $qryparams);
} }
} }
} else { } else {
redirectTo('index.php', array('showmessage' => '2'), true); redirectTo('index.php', array('showmessage' => '2'));
} }
exit; exit;
} else { } else {
@@ -323,7 +323,7 @@ if ($action == 'forgotpwd') {
/* Check whether user is banned */ /* Check whether user is banned */
if ($user['deactivated']) { if ($user['deactivated']) {
$message = $lng['pwdreminder']['notallowed']; $message = $lng['pwdreminder']['notallowed'];
redirectTo('index.php', array('showmessage' => '5'), true); redirectTo('index.php', array('showmessage' => '5'));
} }
if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) { if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) {
@@ -415,12 +415,12 @@ if ($action == 'forgotpwd') {
if ($_mailerror) { if ($_mailerror) {
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset')); $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'));
$rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg); $rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
redirectTo('index.php', array('showmessage' => '4', 'customermail' => $user['email']), true); redirectTo('index.php', array('showmessage' => '4', 'customermail' => $user['email']));
exit; exit;
} }
$mail->ClearAddresses(); $mail->ClearAddresses();
redirectTo('index.php', array('showmessage' => '1'), true); redirectTo('index.php', array('showmessage' => '1'));
exit; exit;
} else { } else {
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset')); $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'));
@@ -511,17 +511,17 @@ if ($action == 'resetpwd') {
AND `userid` = :userid" AND `userid` = :userid"
); );
Database::pexecute($stmt, array("activationcode" => $activationcode, "userid" => $result['userid'])); Database::pexecute($stmt, array("activationcode" => $activationcode, "userid" => $result['userid']));
redirectTo('index.php', array("showmessage" => '6'), true); redirectTo('index.php', array("showmessage" => '6'));
} }
} else { } else {
redirectTo('index.php', array("showmessage" => '7'), true); redirectTo('index.php', array("showmessage" => '7'));
} }
} }
eval("echo \"" . getTemplate('rpwd') . "\";"); eval("echo \"" . getTemplate('rpwd') . "\";");
} else { } else {
redirectTo('index.php', array("showmessage" => '7'), true); redirectTo('index.php', array("showmessage" => '7'));
} }
} else { } else {

6
lib/functions/output/function.redirectTo.php
View File

@@ -36,7 +36,7 @@
* - fixed bug #91 * - fixed bug #91
*/ */
function redirectTo($destination, $get_variables = null, $isRelative = false) { function redirectTo($destination, $get_variables = null, $isRelative = true) {
global $s; global $s;
@@ -77,7 +77,11 @@ function redirectTo($destination, $get_variables = null, $isRelative = false) {
exit; exit;
} elseif ($get_variables == null) { } elseif ($get_variables == null) {
if ($isRelative) {
$linker = new linker($destination, $s); $linker = new linker($destination, $s);
} else {
$linker = new linker($destination);
}
header('Location: ' . $linker->getLink()); header('Location: ' . $linker->getLink());
exit; exit;
} }