Opened 3 years ago

Closed 3 years ago

#1606 closed Bug/Fehler (fixed)

Code regarding 'admin' in

Reported by: noRiddle Owned by: somebody
Priority: normal Milestone: modified-shop-
Component: Shop Version:

Description (last modified by Tomcraft)

The following code is found in /inc/:

    $_SESSION['REFERER'] = '';
    if (strpos($PHP_SELF, 'admin') === false &&
        strpos($PHP_SELF, FILENAME_CHECKOUT_SUCCESS) === false &&
        strpos($PHP_SELF, FILENAME_LOGIN) === false &&
        strpos($PHP_SELF, FILENAME_PASSWORD_DOUBLE_OPT) === false)
      $_SESSION['REFERER'] = basename($PHP_SELF);

I have not yet investigated for what and where


is used, but I suspect that with

strpos($PHP_SELF, 'admin') === false

the intent is to exclude the admin directory.

However, since the admin directory can be named freely, the code above does not take effect and should rather read:

if (strpos($PHP_SELF, DIR_ADMIN) === false &&

Is that correct, or am I missing knowledge of some context?


Change History (2)

comment:1 Changed 3 years ago by Tomcraft

  • Description modified (diff)
  • Milestone set to modified-shop-
  • Reporter changed from anonymous to noRiddle

comment:2 Changed 3 years ago by GTB

  • Resolution set to fixed
  • Status changed from new to closed

In 11677:

fix #1606
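
The two conditions discussed in this ticket, compared side by side as an added example that is not part of the ticket or the shop's code. The directory name, file names and request paths are constructed; `ADMIN_DIR` stands in for `DIR_ADMIN`, and its trailing-slash format is an assumption. The third path goes beyond the ticket and shows that a literal substring test also matches storefront files that merely contain "admin".

```php
<?php
// Added example. All values are constructed stand-ins, not the shop's real configuration.
const ADMIN_DIR = 'backoffice_x7/';   // hypothetical renamed admin directory (role of DIR_ADMIN)
const EXCLUDED  = ['checkout_success.php', 'login.php', 'password_double_opt.php'];

// Shared part of the condition: pages that must never be stored as referer.
function is_excluded_page(string $phpSelf): bool
{
    foreach (EXCLUDED as $file) {
        if (strpos($phpSelf, $file) !== false) {
            return true;
        }
    }
    return false;
}

// Condition as quoted in the ticket: literal 'admin' substring.
function referer_hardcoded(string $phpSelf): string
{
    if (strpos($phpSelf, 'admin') === false && !is_excluded_page($phpSelf)) {
        return basename($phpSelf);
    }
    return '';
}

// Condition as proposed in the ticket: the configured admin directory.
function referer_configured(string $phpSelf, string $adminDir): string
{
    if (strpos($phpSelf, $adminDir) === false && !is_excluded_page($phpSelf)) {
        return basename($phpSelf);
    }
    return '';
}

$paths = [
    '/shop/index.php',                 // storefront page
    '/shop/backoffice_x7/orders.php',  // page inside the renamed admin directory
    '/shop/administration_info.php',   // storefront page whose name contains 'admin'
];
foreach ($paths as $p) {
    printf("%-32s hardcoded=%-28s configured=%s\n", $p,
        var_export(referer_hardcoded($p), true),
        var_export(referer_configured($p, ADMIN_DIR), true));
}
```

With the renamed directory, the hardcoded check stores `orders.php` from the admin area as referer and drops the storefront page, while the configured check does the reverse.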
