Merge pull request #2391 from Quix0r/fixes/http-security
Missing exit() after header('Location: bla') is bad news
This commit is contained in:
commit
be3fa8f8b1
1 changed files with 2 additions and 1 deletions
|
@ -72,7 +72,8 @@ if(!$install) {
|
||||||
(intval(get_config('system','ssl_policy')) == SSL_POLICY_FULL) AND
|
(intval(get_config('system','ssl_policy')) == SSL_POLICY_FULL) AND
|
||||||
(substr($a->get_baseurl(), 0, 8) == "https://")) {
|
(substr($a->get_baseurl(), 0, 8) == "https://")) {
|
||||||
header("HTTP/1.1 302 Moved Temporarily");
|
header("HTTP/1.1 302 Moved Temporarily");
|
||||||
header("location: ".$a->get_baseurl()."/".$a->query_string);
|
header("Location: ".$a->get_baseurl()."/".$a->query_string);
|
||||||
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
require_once("include/session.php");
|
require_once("include/session.php");
|
||||||
|
|
Loading…
Reference in a new issue