Miraty 2022-06-17 15:45:52 +02:00
parent b579c57200
commit 4cafad3310
4 changed files with 13 additions and 9 deletions


@ -76,3 +76,13 @@ function redirUrl($pageId) {
if (PAGE !== 'index') $currentPath .= PAGE;
return CONF['common']['prefix'] . "/$pageId?redir=$currentPath";
}
function redir() {
if (isset($_GET['redir'])) {
if (preg_match('/^[0-9a-z\/-]{0,128}$/', $_GET['redir']) !== 1)
userError("Wrong character in <code>redir</code>.");
header('Location: ' . CONF['common']['prefix'] . '/' . $_GET['redir']);
} else {
header('Location: ' . CONF['common']['prefix'] . '/');
}
}
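Review bot: The pattern in `redir()` still accepts a value that starts with `/`, and because `$` without the `D` modifier also matches before a trailing newline, a value ending in a line feed passes too. With a leading slash the header becomes `prefix//…`, which browsers treat as a protocol-relative URL if `CONF['common']['prefix']` is ever empty, and a non-string `redir[]=` reaches `preg_match()` unchecked; a stricter guard would be `if (!is_string($_GET['redir']) || preg_match('/^(?!\/)[0-9a-z\/-]{0,128}$/D', $_GET['redir']) !== 1)`. The `header()` call that follows `userError()` is only safe if `userError()` stops execution, which is not visible on this page; if it can return, put the redirect in an `else` branch or `exit` after the error. The three call sites changed later in this commit (apparently login, logout and account creation) inherit the same behaviour, and the last two previously redirected to a fixed location.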


@ -33,12 +33,6 @@ $_SESSION['username'] = $_POST['username'];
if (outdatedPasswordHash($_SESSION['username']))
changePassword($_SESSION['username'], $_POST['password']);
if (isset($_GET['redir'])) {
if (preg_match("/^[0-9a-z\/-]+$/", $_GET['redir']) !== 1)
userError("Wrong character in <code>redir</code>.");
header("Location: " . CONF['common']['prefix'] . "/" . $_GET['redir']);
} else {
header("Location: " . CONF['common']['prefix'] . "/");
}
redir();
success("Connecté·e.");


@ -6,5 +6,5 @@ if (session_status() === PHP_SESSION_ACTIVE)
session_destroy();
header('Clear-Site-Data: "*"');
header('Location: ' . CONF['common']['prefix'] . '/');
redir();
success("Déconnecté·e.");


@ -52,6 +52,6 @@ $stmt->execute();
$_SESSION['username'] = $_POST['username'];
header('Location: ' . CONF['common']['prefix'] . '/');
redir();
success("Compte créé.");