[aur-dev] [PATCH] Redirect at previous page after a successful login
Marcel Korpel
marcel.korpel at gmail.com
Fri Jun 19 13:50:57 UTC 2015
* Lukas Fleischer <lfleischer at archlinux.org> (Fri, 19 Jun 2015 15:04:14
+0200):
>> + <input id="id_referer"
>> type="hidden" name="referer"
>> value="<?= !empty($_SERVER['HTTP_REFERER']) ?
>> $_SERVER['HTTP_REFERER'] : '/'; ?>" />
>
> Please use urlencode() to escape the value of
> $_SERVER['HTTP_REFERER'].
With due respect, I think you're wrong here: he is not writing a URL
parameter, but an HTML attribute. The URL-encoding has already been
taken into account by the browser at this point.
Please test it with a tag you create with a UTF-8 character in it,
click on it to open a search result page and then login and view the
source.
Best, Marcel
More information about the aur-dev
mailing list