Fix hidden form elements to include only $_GET vars

author jollytoad <jollytoad>

Thu, 3 Mar 2005 14:54:07 +0000 (14:54 +0000)

committer jollytoad <jollytoad>

Thu, 3 Mar 2005 14:54:07 +0000 (14:54 +0000)
author jollytoad <jollytoad>
Thu, 3 Mar 2005 14:54:07 +0000 (14:54 +0000)
committer jollytoad <jollytoad>
Thu, 3 Mar 2005 14:54:07 +0000 (14:54 +0000)
diff --git a/login.php b/login.php

index 686c15ca82077399024d05234bd2ce0704784767..b0d0d9ebff26b470c25e3882d6580a18c7ae4045 100755 (executable)
--- a/login.php
+++ b/login.php
@@ -3,7 +3,7 @@
         /**
          * Login screen
          *
-        * $Id: login.php,v 1.23.2.1 2005/03/01 10:47:03 jollytoad Exp $
+        * $Id: login.php,v 1.23.2.2 2005/03/03 14:54:07 jollytoad Exp $
          */
  
         // This needs to be an include once to prevent lib.inc.php infinite recursive includes.
@@ -27,8 +27,8 @@
  <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post" name="login_form">
  <?php
         // Pass request vars through form (is this a security risk???)
-       foreach ($_REQUEST as $key => $val) {
-               if (substr($key,0,5) == 'login' || $key == 'PPA_ID') continue;
+       foreach ($_GET as $key => $val) {
+               if (substr($key,0,5) == 'login') continue;
                 echo "<input type=\"hidden\" name=\"", htmlspecialchars($key), "\" value=\"", htmlspecialchars($val), "\" />\n";
         }
  ?>
author	jollytoad <jollytoad>
	Thu, 3 Mar 2005 14:54:07 +0000 (14:54 +0000)
committer	jollytoad <jollytoad>
	Thu, 3 Mar 2005 14:54:07 +0000 (14:54 +0000)