nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2025-12-30 00:53:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix XSS on login page by removing $_REQUEST[path]

Browse Source
This commit is contained in:
markjcrane
2021-07-25 13:59:10 -06:00
parent ffd901b5ba
commit c3b811393d
1 changed files with 0 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
resources/login.php
View File

@@ -242,11 +242,6 @@
//set variable if not set
if (!isset($_SESSION['login']['domain_name_visible']['boolean'])) { $_SESSION['login']['domain_name_visible']['boolean'] = null; }
//set the requested destination after login
if (!empty($_REQUEST['path'])) {
$_SESSION['login']['destination']['url'] = $_REQUEST['path'];
}
//set a default login destination
if (strlen($_SESSION['login']['destination']['url']) == 0) {
$_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/user_settings/user_dashboard.php";