
Commit


Commit MetaInfo

Revision85b519a91ce9ddf9750570990f136ec08f3c3ed6 (tree)
Zeit2019-08-16 01:25:44
Autorumorigu <umorigu@gmai...>
Commiterumorigu

Log Message

BugTrack/2492 Fix FORM_AUTH behavior - Input credential 3 times

* Bug: Check unauthorized session without new username/password
* Improve Frontpage URL for url_after_login (Remove '?' char for top)

Ändern Zusammenfassung

Diff

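--- a/lib/auth.php
+++ b/lib/auth.php
@@ -367,7 +367,11 @@ function basic_auth($page, $auth_enabled, $exit_on_fail, $auth_pages, $title_can
 header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
 header('HTTP/1.0 401 Unauthorized');
 } elseif (AUTH_TYPE_FORM === $auth_type) {
-$url_after_login = get_base_uri() . '?' . $g_query_string;
+if (is_null($g_query_string)) {
+$url_after_login = get_base_uri();
+} else {
+$url_after_login = get_base_uri() . '?' . $g_query_string;
+}
 $loginurl = get_base_uri() . '?plugin=loginform'
 . '&page=' . rawurlencode($page)
 . '&url_after_login=' . rawurlencode($url_after_login);
@@ -375,7 +379,11 @@ function basic_auth($page, $auth_enabled, $exit_on_fail, $auth_pages, $title_can
 header('Location: ' . $loginurl);
 } elseif (AUTH_TYPE_EXTERNAL === $auth_type ||
 AUTH_TYPE_SAML === $auth_type) {
-$url_after_login = get_base_uri(PKWK_URI_ABSOLUTE) . '?' . $g_query_string;
+if (is_null($g_query_string)) {
+$url_after_login = get_base_uri(PKWK_URI_ABSOLUTE);
+} else {
+$url_after_login = get_base_uri(PKWK_URI_ABSOLUTE) . '?' . $g_query_string;
+}
 $loginurl = get_auth_external_login_url($page, $url_after_login);
 header('HTTP/1.0 302 Found');
 header('Location: ' . $loginurl);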
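Review bot: The `is_null($g_query_string)` guard at new lines 370 and 382 only drops the `?` when the variable is null, so an empty string would still produce a trailing `?` in `$url_after_login`; where `$g_query_string` is assigned is not visible here, so this needs confirming against that code. If an empty value is possible, `if ($g_query_string === null || $g_query_string === '') {` covers both cases. The same five lines appear in both branches and could move into one small helper that takes the base URI. In the external/SAML branch the value goes to `get_auth_external_login_url()` and then into a `Location` header, and whether it is URL-encoded there cannot be seen from this hunk, unlike the `rawurlencode()` in the form branch. `basic_auth()` starts and ends outside both hunks.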
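--- a/plugin/loginform.inc.php
+++ b/plugin/loginform.inc.php
@@ -36,7 +36,7 @@ function plugin_loginform_action()
 if ($username && $password && form_auth($username, $password)) {
 // Sign in successfully completed
 form_auth_redirect($url_after_login, $page_after_login);
-return;
+exit; // or 'return FALSE;' - Don't double check for FORM_AUTH
 }
 if ($pcmd === 'logout') {
 // logout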
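Review bot: The comment on the new `exit;` line leaves two alternatives open and does not say why execution has to stop; something like `// Redirect already sent; stop so the request does not run the FORM_AUTH check again` would record the reason given in the commit message. `exit` also ends the request inside a plugin action, so anything the caller does after the action returns is skipped on this path, which looks intended here but is worth stating. `$url_after_login` reaches `form_auth_redirect()` after a round trip through the login form's query string (see `lib/auth.php`), and the hunk does not show whether the redirect target is limited to this wiki's own base URI; that check is worth confirming. `plugin_loginform_action()` starts and ends outside the hunk.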