[Mapbender-commits] r10205 - trunk/mapbender/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Mon Aug 12 20:27:58 PDT 2019
Author: armin11
Date: 2019-08-12 20:27:58 -0700 (Mon, 12 Aug 2019)
New Revision: 10205
Modified:
trunk/mapbender/http/php/mod_editElements.php
Log:
Security fix - passwords are not transferred via http-get when showing gui preview
Modified: trunk/mapbender/http/php/mod_editElements.php
===================================================================
--- trunk/mapbender/http/php/mod_editElements.php 2019-08-09 08:30:03 UTC (rev 10204)
+++ trunk/mapbender/http/php/mod_editElements.php 2019-08-13 03:27:58 UTC (rev 10205)
@@ -339,7 +339,7 @@
Mapbender::session()->set("mb_user_myGui",$guiList1);
echo "<script language='javascript'>";
- echo "window.open('../frames/login.php?".strip_tags (SID)."&name=".Mapbender::session()->get("mb_user_name")."&password=".urlencode(Mapbender::session()->get("mb_user_password"))."&mb_user_myGui=".$guiList1."','','');";
+ echo "window.open('../frames/index.php?&gui_id=".$guiList1."','','');";
echo "</script>";
}
if(isset($all) && $all == '1'){
More information about the Mapbender_commits
mailing list