[SECURITY] Bug 325079: The login form on the Bugzilla home page may redirect your...

author lpsolit%gmail.com <>

Tue, 21 Feb 2006 08:24:51 +0000 (08:24 +0000)

committer lpsolit%gmail.com <>

Tue, 21 Feb 2006 08:24:51 +0000 (08:24 +0000)
author lpsolit%gmail.com <>
Tue, 21 Feb 2006 08:24:51 +0000 (08:24 +0000)
committer lpsolit%gmail.com <>
Tue, 21 Feb 2006 08:24:51 +0000 (08:24 +0000)
diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl

index 85802a7710cb57508e5f3bcf19cf557eae89350b..a6e3b6ddb613b963df7f6c54e40c455377926fa5 100644 (file)
--- a/template/en/default/account/auth/login-small.html.tmpl
+++ b/template/en/default/account/auth/login-small.html.tmpl
@@ -21,7 +21,19 @@
  
  [% PROCESS global/variables.none.tmpl %]
  
-<form name="login" action="[% cgi.script_name FILTER html %]" method="POST">
+[%# Use the current script name. If an empty name is retuned,
+  # then we are accessing the home page. %]
+
+[% script_name = cgi.url(Relative => 1) %]
+
+[%# If SSL is in use, use 'sslbase', else use 'urlbase'. %]
+[% IF Param("sslbase") != "" && Param("ssl") != "never" %]
+  [% script_name = Param("sslbase") _ script_name %]
+[% ELSE %]
+  [% script_name = Param("urlbase") _ script_name %]
+[% END %]
+
+<form name="login" action="[% script_name FILTER html %]" method="POST">
    <table>
      <tr>
        <td align="right"><b>Login:</b></td>
author	lpsolit%gmail.com <>
	Tue, 21 Feb 2006 08:24:51 +0000 (08:24 +0000)
committer	lpsolit%gmail.com <>
	Tue, 21 Feb 2006 08:24:51 +0000 (08:24 +0000)