author | lpsolit%gmail.com <> | 2006-02-21 09:19:25 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-02-21 09:19:25 +0100 |
commit | c401ba318f9dcd511b8aad742f09680b79cec135 (patch) | |
tree | 6eec060d71a51ea2df06055443f8d50c606537a8 | |
parent | c738859a411c63f64fa931a5275111aeb9d90fd8 (diff) | |
[SECURITY] Bug 325079: The login form on the Bugzilla home page may redirect your login and password to another site - Patch by Frédéric Buclin <LpSolit@gmail.com> r=myk a=justdave
-rw-r--r-- | template/en/default/account/auth/login-small.html.tmpl | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl
index 85802a771..a6e3b6ddb 100644
--- a/template/en/default/account/auth/login-small.html.tmpl
+++ b/template/en/default/account/auth/login-small.html.tmpl
@@ -21,7 +21,19 @@
 [% PROCESS global/variables.none.tmpl %]
-<form name="login" action="[% cgi.script_name FILTER html %]" method="POST">
+[%# Use the current script name. If an empty name is retuned,
+ # then we are accessing the home page. %]
+
+[% script_name = cgi.url(Relative => 1) %]
+
+[%# If SSL is in use, use 'sslbase', else use 'urlbase'. %]
+[% IF Param("sslbase") != "" && Param("ssl") != "never" %]
+ [% script_name = Param("sslbase") _ script_name %]
+[% ELSE %]
+ [% script_name = Param("urlbase") _ script_name %]
+[% END %]
+
+<form name="login" action="[% script_name FILTER html %]" method="POST">
 <table>
 <tr>
 <td align="right"><b>Login:</b></td> |
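Review bot: The comments above the new `script_name` assignments describe what is computed but not the security invariant, so a later cleanup could revert the form action to a relative or request-derived value; I would add `[%# SECURITY (bug 325079): the action must be an absolute URL rooted at the admin-configured urlbase/sslbase, so credentials are never posted to a host derived from the request. %]` before the `IF`. The first comment also has a typo, `retuned` for `returned`. The concatenation `Param("urlbase") _ script_name` assumes the parameter ends with `/`, which is not visible here and is worth confirming where the parameter is validated. If this template is pulled in with PROCESS rather than INCLUDE, the assignment to `script_name` presumably leaks into the caller's variables, so a more specific name such as `login_target` would be safer.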