[SECURITY] Bug 325079: The login form on the Bugzilla home page may redirect…

[SECURITY] Bug 325079: The login form on the Bugzilla home page may redirect your login and password to another site - Patch by Frédéric Buclin <LpSolit@gmail.com> r=myk a=justdave

[SECURITY] Bug 325079: The login form on the Bugzilla home page may redirect…
c401ba31 · lpsolit%gmail.com · c738859a · c401ba31
Commit c401ba31 authored Feb 21, 2006 by lpsolit%gmail.com
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 1 deletion

login-small.html.tmpl template/en/default/account/auth/login-small.html.tmpl +13 -1

No files found.
--- a/template/en/default/account/auth/login-small.html.tmpl
+++ b/template/en/default/account/auth/login-small.html.tmpl
@@ -21,7 +21,19 @@
 [% PROCESS global/variables.none.tmpl %]
-<form name="login" action="[% cgi.script_name FILTER html %]" method="POST">
+[%# Use the current script name. If an empty name is retuned,
+  # then we are accessing the home page. %]
+[% script_name = cgi.url(Relative => 1) %]
+[%# If SSL is in use, use 'sslbase', else use 'urlbase'. %]
+[% IF Param("sslbase") != "" && Param("ssl") != "never" %]
+  [% script_name = Param("sslbase") _ script_name %]
+[% ELSE %]
+  [% script_name = Param("urlbase") _ script_name %]
+[% END %]
+<form name="login" action="[% script_name FILTER html %]" method="POST">
  <table>
    <tr>
      <td align="right"><b>Login:</b></td>