tobias/friendica
1
0
Fork 0
Code Pull requests Activity

Merge pull request #2391 from Quix0r/fixes/http-security

Browse source 
Missing exit() after header('Location: bla') is bad news
This commit is contained in:
fabrixxm 2016-03-01 15:33:31 +01:00
parent 11310aa93b 8616f0cc35
commit be3fa8f8b1
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
index.php
View file

@ -72,7 +72,8 @@ if(!$install) {
(intval(get_config('system','ssl_policy')) == SSL_POLICY_FULL) AND
(substr($a->get_baseurl(), 0, 8) == "https://")) {
header("HTTP/1.1 302 Moved Temporarily");
header("location: ".$a->get_baseurl()."/".$a->query_string);
header("Location: ".$a->get_baseurl()."/".$a->query_string);
exit();
}
require_once("include/session.php");