Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.26.0

Bug #10907 SECURITY: login.php redirects to any URL
Submitted: 2007-05-01 18:25 UTC Modified: 2007-05-01 18:28 UTC
From: cellog Assigned: cellog
Status: Closed Package: pearweb (version 1.14.0)
PHP Version: Irrelevant OS: n/a
Roadmaps: 1.15.0    
Subscription  


 [2007-05-01 18:25 UTC] cellog (Greg Beaver)
Description: ------------ Although login.php contains a fix to prevent redirect to non-local urls, it was implemented incorrectly as a search for urlencoded() value.

Comments

 [2007-05-01 18:28 UTC] cellog (Greg Beaver)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.