Redirect URL after input a correct password on protect album

fatman · November 2009

I have just test on 2009-11-27-trunk.zip with default theme.

My zenphoto installation is not at root path, it is "zenphoto", so the redirect URL in password form is
/zenphoto/index.php?userlog=1&album=xxxxxxx

However, the redirect in functions.php is
header("Location: " . FULLWEBPATH . "/" . sanitize_path($_POST['redirect']));

Then, the outcome is
http://mydomain.com/zenphoto//zenphoto/index.php?userlog=1&album=xxxxxxx

My temp solution is replace the FULLWEBPATH to "http://" . $_SERVER['HTTP_HOST']

sbillard · November 2009

Fix will be in the nightly tonight. Thanks for the report.

fatman · December 2009

I found that in 1.2.7 changed to

$redirect_to = sanitize_path($_POST['redirect']);
if (strpos($redirect_to,WEBPATH.'/')===0) {^M
$redirect_to = substr($redirect_to,strlen(WEBPATH)+1);
}

but seem the sanitize_path() remove the first '/' of the path, the if case is false, so the redirect path still incorrect.

sbillard · December 2009

Ok, fixed in tonight's build

Zenphoto

Quick Links

Categories

Problems? Lost?

Need project help?

Like using Zenphoto? Donate!

Redirect URL after input a correct password on protect album

Comments

RSS feeds!

Social networks

Join the Google Group!

Information

Legal stuff