Dotclear

Changeset 3352:bb06343f4247


Timestamp:
10/05/16 08:11:10 (9 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
2.10
Message:

Fix CVE-2016-7903: Dotclear <= 2.10.2 Password Reset Address Spoof / addresses #2210 — Thanks to Hongkun Zeng for the report

File:
1 edited

  • admin/auth.php

    r3275 r3352  
    2929} 
    3030 
    31 $page_url = http::getHost().$_SERVER['REQUEST_URI']; 
     31if (defined('DC_ADMIN_URL')) { 
     32     $page_url = DC_ADMIN_URL.$core->adminurl->get('admin.auth'); 
     33} else { 
     34     $page_url = http::getHost().$_SERVER['REQUEST_URI']; 
     35} 
    3236 
    3337$change_pwd = $core->auth->allowPassChange() && isset($_POST['new_pwd']) && isset($_POST['new_pwd_c']) && isset($_POST['login_data']); 
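
Review bot: The `else` branch at new lines 33-35 keeps the removed expression `http::getHost().$_SERVER['REQUEST_URI']` unchanged, so any installation that does not define `DC_ADMIN_URL` still builds `$page_url` from request-supplied values, which is the input the commit message ties to the password reset address spoof. Consider failing closed when the constant is missing, for example by refusing the password recovery flow or reporting a configuration error, rather than falling back to the old behaviour. If the fallback has to stay for compatibility, a comment here and a note in the upgrade documentation should state that `DC_ADMIN_URL` must be defined for the fix to take effect. It is also worth confirming that `DC_ADMIN_URL` and the value returned by `$core->adminurl->get('admin.auth')` join cleanly, since the two are concatenated with no separator handling.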