1 |
wellsi |
1.1 |
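--- a/root/etc/e-smith/web/common/cgi-bin/login
+++ b/root/etc/e-smith/web/common/cgi-bin/login
@@ -101,6 +101,7 @@
 $back ||= $q->param($at->back_arg_name) if $at->back_arg_name;
 #warn "back from cgi param is $back\n" if $back;
 $back ||= $ENV{HTTP_REFERER} if $ENV{HTTP_REFERER} && $BACK_REFERER;
+$back = uri_unescape($back) if $back && $back =~ m/^https?%3A%2F%2F/i;
 $back =~ s/^http:/https:/;
 #warn "back is $back\n";
 if ($back && $back =~ m!^/!) {
@@ -113,7 +114,7 @@
 $back = 'http://' . $back;
 #warn "back is $back\n";
 }
-$back = uri_unescape($back) if $back && $back =~ m/^https?%3A%2F%2F/;
+
 #warn "back is $back\n";
 my $back_esc = uri_escape($back) if $back;
 my $back_html = escapeHTML($back) if $back;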
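Review bot: The `/i` added to the match in `$back = uri_unescape($back) if $back && $back =~ m/^https?%3A%2F%2F/i;` is not mirrored by the next line, `$back =~ s/^http:/https:/;`, so a value with an upper-case scheme is now decoded but not upgraded to https. Changing that line to `$back =~ s/^http:/https:/i if $back;` keeps the two in step, and also skips the substitution when `$back` is unset. Separately, `$back` is taken from a request parameter or the Referer header and later becomes the post-login return target, and the visible lines show no check of the decoded host. Any restriction of the return target to the server's own host or to path-only values should run after this decode; whether such a check exists is outside the hunk. A comment above the new line would help, for example `# decode a fully escaped absolute URL first so the scheme/path handling below sees the real target`.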