Remove full path from redirection
authorJean-Michel Vourgère <jvourger@greenpeace.org>
Fri, 10 Mar 2017 20:28:18 +0000 (20:28 +0000)
committerJean-Michel Vourgère <jvourger@greenpeace.org>
Fri, 10 Mar 2017 20:28:18 +0000 (20:28 +0000)
This is (was) not RFC compliant, but all browsers support that now

webroot/index.php
webroot/squasher.php

index 5e003e15c27b6cfee94b0db0ef2e4615e42218f4..f3bdc5bcc4de037f33c0f730cc3771ab7686f0b1 100644 (file)
@@ -9,7 +9,7 @@ $salt = md5($_SERVER['REMOTE_ADDR']."|".$_SERVER['HTTP_USER_AGENT']);
 if (@$_GET['tools']=="logout"){
        session_destroy();
        $_SESSION['creds']['validated'] = false;
-       header( 'Location: '.$_SERVER['PHP_SELF'] ) ;
+       header( 'Location: .' ) ;
 }
 
 if (!@$_SESSION['creds']['validated']){
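Review bot: The new `header( 'Location: .' )` is not followed by `exit;`, so after logout the script keeps running into the `if (!@$_SESSION['creds']['validated'])` block below, whose body lies outside this hunk. Adding `exit;` right after the header makes the logout path end at the redirect instead of relying on what the rest of the file happens to do. The same applies to the three redirects in webroot/squasher.php. Separately, `.` resolves to the directory URL, so logout now depends on the web server serving index.php as the directory index; a comment such as `// relative redirect: assumes index.php is the directory index` would record that assumption.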
index 5c41ca14ae7fa7927f18e9574ea7e24ad965b80b..bd0e817ac3038a6b525cc2813dd14caf0fc81497 100644 (file)
@@ -73,14 +73,14 @@ if (@$_GET['f']) {
                fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
                fclose($handle);
                $path=$request['path'];
-               header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
+               header( 'Location: ?path='.$path) ;
        }
 } elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
        if ($_SESSION['creds']['user_level'] > 99) {
                $request = $squashweb->get_config($_GET['h']);
                @unlink(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden');
                $path=$request['path'];
-               header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
+               header( 'Location: ?path='.$path) ;
        }
 } elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
        if ($_SESSION['creds']['user_level'] > 99) {
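Review bot: `$path` is concatenated into the Location header without URL-encoding on both new lines in this hunk, and on the matching line in the `@@ -96,7 +96,7 @@` hunk. A directory name containing `&`, `#`, `%` or a space would therefore produce a redirect with a different or malformed query string. `$path` comes from `$squashweb->get_config(...)`, whose implementation is not visible here, so whether such characters can occur is an assumption to check. Encoding at the point of use removes the question: `header('Location: ?path='.rawurlencode($path));`. The enclosing if/elseif chain starts and ends outside this hunk.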
@@ -96,7 +96,7 @@ if (@$_GET['f']) {
                        $squashweb->delete_file($h, $_SESSION['creds']);
                }
                $path=$request['path'];
-               header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path);
+               header( 'Location: ?path='.$path);
        }
 
 } elseif (@$_POST['tools']=="mkdir" && isset($_GET['path']) && isset($_POST['newname']) && $_SESSION['creds']['user_level'] > 99) {