Merge pull request #2391 from Quix0r/fixes/http-security

Missing exit() after header('Location: bla') is bad news
This commit is contained in:
fabrixxm 2016-03-01 15:33:31 +01:00
commit be3fa8f8b1

View file

@ -72,7 +72,8 @@ if(!$install) {
(intval(get_config('system','ssl_policy')) == SSL_POLICY_FULL) AND (intval(get_config('system','ssl_policy')) == SSL_POLICY_FULL) AND
(substr($a->get_baseurl(), 0, 8) == "https://")) { (substr($a->get_baseurl(), 0, 8) == "https://")) {
header("HTTP/1.1 302 Moved Temporarily"); header("HTTP/1.1 302 Moved Temporarily");
header("location: ".$a->get_baseurl()."/".$a->query_string); header("Location: ".$a->get_baseurl()."/".$a->query_string);
exit();
} }
require_once("include/session.php"); require_once("include/session.php");