chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Always loading the require_uri if entering the api_not_allowed see #6768

Browse Source
1.9.x
Julio Montoya 12 years ago
parent f9f499e2aa
commit b085adca68
2 changed files with 12 additions and 11 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      main/inc/lib/main_api.lib.php
  2. 4
      main/inc/lib/redirect.class.php

9
main/inc/lib/main_api.lib.php
Unescape View File

@ -2282,7 +2282,6 @@ function api_get_self() {
return htmlentities($_SERVER['PHP_SELF']); return htmlentities($_SERVER['PHP_SELF']);
} }
/* USER PERMISSIONS */ /* USER PERMISSIONS */
/** /**
@ -3045,11 +3044,11 @@ function api_not_allowed($print_headers = false, $message = null)
global $this_section; global $this_section;
if (empty($user_id)) { //if (empty($user_id)) {
// Why the CustomPages::enabled() need to be to set the request_uri // Why the CustomPages::enabled() need to be to set the request_uri
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
} //}
if (CustomPages::enabled() && !isset($user_id)) { if (CustomPages::enabled() && !isset($user_id)) {
CustomPages::display(CustomPages::INDEX_UNLOGGED); CustomPages::display(CustomPages::INDEX_UNLOGGED);

4
main/inc/lib/redirect.class.php
Unescape View File

@ -95,7 +95,9 @@ class Redirect {
self::navigate("$www/user_portal.php"); self::navigate("$www/user_portal.php");
} }
protected static function navigate($url) { protected static function navigate($url)
{
$url = Security::remove_XSS($url);
session_write_close(); //should not be neeeded session_write_close(); //should not be neeeded
header("Location: $url"); header("Location: $url");
exit; exit;

Write Preview
Loading…
Cancel
Save