[aur-dev] [PATCH] Redirect at previous page after a successful login

Lukas Fleischer lfleischer at archlinux.org
Fri Jun 19 15:26:27 UTC 2015


On Fri, 19 Jun 2015 at 15:50:57, Marcel Korpel wrote:
> * Lukas Fleischer <lfleischer at archlinux.org> (Fri, 19 Jun 2015 15:04:14
> +0200):
> >> +                               <input id="id_referer"
> >> type="hidden" name="referer"
> >> value="<?= !empty($_SERVER['HTTP_REFERER']) ?
> >> $_SERVER['HTTP_REFERER'] : '/'; ?>" />
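Review bot: The `value` attribute of the hidden `referer` input echoes `$_SERVER['HTTP_REFERER']` with no HTML escaping, so a double quote in the header closes the attribute and the remainder is parsed as markup. Wrap the header in `htmlspecialchars(..., ENT_QUOTES)` before printing it; `urlencode()` targets URL components and would alter the value that is posted back. Going by the subject line, this field becomes the post-login redirect target and it returns from the client, so it is worth confirming that the code consuming `referer` accepts only a local path.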
> > 
> > Please use urlencode() to escape the value of
> > $_SERVER['HTTP_REFERER'].
> 
> With due respect, I think you're wrong here: he is not writing a URL
> parameter, but an HTML attribute. The URL-encoding has already been
> taken into account by the browser at this point.
> [...]

Yeah, you're right. Good catch! It should be

    htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES)

then. 
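The difference between the two escaping functions discussed above, shown by parsing the rendered field (an added example, not AUR code). The helper names and the sample Referer are constructed, and PHP 7.4+ with the DOM extension is assumed:

```php
<?php
// Added example, not AUR code. Helper names and the sample Referer are constructed.

// Build the hidden field from the patch, applying $escape to the header value.
function render_referer_field(string $referer, callable $escape): string
{
    return '<input id="id_referer" type="hidden" name="referer" value="'
        . $escape($referer) . '" />';
}

// Parse the markup with an HTML parser and return the attributes of the <input>.
function parsed_attributes(string $html): array
{
    libxml_use_internal_errors(true);   // keep parser notices off the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// Constructed Referer: a legitimate "&" plus a double quote that ends the attribute.
$referer = 'https://aur.example/packages/?K=foo&SB=n" data-injected="1';

$variants = [
    'raw'              => fn(string $v): string => $v,
    'urlencode'        => 'urlencode',
    'htmlspecialchars' => fn(string $v): string => htmlspecialchars($v, ENT_QUOTES, 'UTF-8'),
];

foreach ($variants as $name => $escape) {
    $attrs = parsed_attributes(render_referer_field($referer, $escape));
    printf("%-17s extra attribute: %-3s value round-trips: %s\n",
        $name,
        isset($attrs['data-injected']) ? 'yes' : 'no',
        ($attrs['value'] ?? null) === $referer ? 'yes' : 'no');
}
```

Only the `htmlspecialchars` variant both keeps the value inside the attribute and hands the form the original URL; `urlencode` keeps it inside the attribute but the field then carries a percent-encoded string instead of the URL.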

