diff options
| author | Justin J. Novack <jnovack@gmail.com> | 2012-09-16 11:53:48 -0400 |
|---|---|---|
| committer | Justin J. Novack <jnovack@gmail.com> | 2012-09-16 11:53:48 -0400 |
| commit | fbaebb7485cfab4948b8fe000ef2a5279b376f04 (patch) | |
| tree | 9ffcb4ff6e33f68399827cacb52d32061b4bf62c | |
| parent | 5119a5d74428296166658ff746010b8c32abd67f (diff) | |
| download | phorkie-fbaebb7485cfab4948b8fe000ef2a5279b376f04.tar.gz phorkie-fbaebb7485cfab4948b8fe000ef2a5279b376f04.zip | |
FIX: add exit() after header('Location')
| -rw-r--r-- | www/auth.php | 5 | ||||
| -rw-r--r-- | www/secure.php | 1 |
2 files changed, 4 insertions, 2 deletions
diff --git a/www/auth.php b/www/auth.php index 8fe38e0..6d13f7e 100644 --- a/www/auth.php +++ b/www/auth.php @@ -230,10 +230,10 @@ if (isset($_POST['start'])) { $openid = $message->getArrayFormat(); if ($GLOBALS['phorkie']['auth']['secure'] > 0 && $GLOBALS['phorkie']['auth']['userlist']) { - if (!in_array($openid['openid.identity'], $GLOBALS['phorkie']['users'])) { + if (!in_array($openid['openid.identity'], $GLOBALS['phorkie']['users'])) { $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden"; header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); - exit; + exit; } } // include_once 'openid/wrapper.php'; @@ -253,6 +253,7 @@ if (isset($_POST['start'])) { $redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI']; header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL)); + exit; } ?> diff --git a/www/secure.php b/www/secure.php index 5893033..07cdfb6 100644 --- a/www/secure.php +++ b/www/secure.php @@ -7,5 +7,6 @@ require_once 'www-header.php'; $_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI']; if (!isset($_SESSION['identity'])) { header("Location: /login"); + exit; } ?> |