[aur-dev] [PATCH] Redirect at previous page after a successful login

Marcel Korpel marcel.korpel at gmail.com
Fri Jun 19 13:50:57 UTC 2015


* Lukas Fleischer <lfleischer at archlinux.org> (Fri, 19 Jun 2015 15:04:14
+0200):
>> +                               <input id="id_referer"
>> type="hidden" name="referer"
>> value="<?= !empty($_SERVER['HTTP_REFERER']) ?
>> $_SERVER['HTTP_REFERER'] : '/'; ?>" />
> 
> Please use urlencode() to escape the value of
> $_SERVER['HTTP_REFERER'].

With due respect, I think you're wrong here: he is not writing a URL
parameter, but an HTML attribute. The URL-encoding has already been
taken into account by the browser at this point.

Please test it with a tag you create with a UTF-8 character in it,
click on it to open a search result page and then login and view the
source.

Best, Marcel


More information about the aur-dev mailing list