mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-12-22 13:45:02 +00:00
Display returnto URL above the login form if present to further mitigate CSRF issues
parent
2e1e1d0535
commit
4f3a1c3757
2 changed files with 5 additions and 0 deletions
|
@ -4,6 +4,9 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
|||
|
||||
## v0.24-dev
|
||||
|
||||
### Changed
|
||||
- Display returnto URL above the login form if present to further mitigate CSRF issues
|
||||
|
||||
### Fixed
|
||||
- [security] Fixed an XSS vulnerability in the `format` GET parameter of the `stats` action (thanks, @JamieSlome)
|
||||
- [security] Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)
|
||||
|
|
|
@ -53,6 +53,8 @@ register_module([
|
|||
$content .= "\t\t<p><em>Login failed.</em></p>\n";
|
||||
if(isset($_GET["required"]))
|
||||
$content .= "\t\t<p><em>$settings->sitename requires that you login before continuing.</em></p>\n";
|
||||
if(isset($_GET["returnto"]))
|
||||
$content .= "\t\t<p>Login to be redirected to <code>".htmlentities($_GET["returnto"])."</code>.</p>";
|
||||
$content .= "\t\t<form method='post' action='$login_form_action_url'>
|
||||
<label for='user'>Username:</label>
|
||||
<input type='text' name='user' id='user' autofocus />
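Review bot: The added `isset($_GET["returnto"])` guard is also true when the parameter arrives as an array (`returnto[]=x`), so `htmlentities()` is handed a non-string, which is a TypeError on PHP 8 and a warning with an empty `<code>` element on older versions; `if(isset($_GET["returnto"]) && is_string($_GET["returnto"]))` avoids that. The line also echoes the raw parameter, so the page can announce a destination that the same-instance restriction mentioned in the changelog would later refuse; that check is not visible in this hunk, but displaying only a value that has already passed it would keep the notice truthful. Passing explicit flags, `htmlentities($_GET["returnto"], ENT_QUOTES | ENT_HTML5)`, would make the escaping independent of the PHP version's defaults, and the new string lacks the trailing `\n` that the neighbouring lines have. The enclosing function starts and ends outside the hunk.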
|
||||
|
|