dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix XSS on login page by removing $_REQUEST[path]

This commit is contained in:
markjcrane 2021-07-25 13:59:10 -06:00
parent ffd901b5ba
commit c3b811393d
1 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
resources/login.php
View File

@ -242,11 +242,6 @@
//set variable if not set
if (!isset($_SESSION['login']['domain_name_visible']['boolean'])) { $_SESSION['login']['domain_name_visible']['boolean'] = null; }
//set the requested destination after login
if (!empty($_REQUEST['path'])) {
$_SESSION['login']['destination']['url'] = $_REQUEST['path'];
}
//set a default login destination
if (strlen($_SESSION['login']['destination']['url']) == 0) {
$_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/user_settings/user_dashboard.php";