[FEATURE] Installer: Remove (unknown) form target URL

The domain on which Jirafeau is running is not yet
defined while installing the project. In order to build valid
action links for the form, the script generated a possible URL
using the request header. This method may fail for proxies
or while using HTTPS or due to spoofing or…

In HTML5 we can safely omit the action attribute (see
http://stackoverflow.com/a/9678030), which will cause the browser
to send the request to the exact same URL again.

This way we can avoid the URL guessing during the installation.

Refs #79
Dan Untenzu 2017-01-18 19:00:44 +01:00 committed by Jerome Jutteau
parent c147db2590
commit 50f88df47f


@ -206,8 +206,7 @@ case 1:
default:
?><h2><?php printf (t('Installation of Jirafeau') . ' - ' . t('step') .
' %d ' . t('out of') . ' %d', 1, 4);
?></h2> <div id = "install"> <form action =
"<?php echo basename(__FILE__); ?>" method = "post"> <input type =
?></h2> <div id = "install"> <form method="post"> <input type =
"hidden" name = "jirafeau" value =
"<?php echo JIRAFEAU_VERSION; ?>" /><input type = "hidden" name =
"step" value = "1" /><fieldset> <legend><?php echo t('Language');
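Review bot: the action dropped from the step 1 form is `basename(__FILE__)`, a file name taken from disk that the browser resolves as a relative URL, not a URL built from a request header as the commit message describes. If the header-based URL guessing lives elsewhere in the installer, include that removal in this commit, or reword the message so it matches what these lines change.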
@ -240,8 +239,7 @@ break;
case 2:
?><h2><?php printf (t('Installation of Jirafeau') . ' - ' . t('step') .
' %d ' . t('out of') . ' %d', 2, 4);
?></h2> <div id = "install"> <form action =
"<?php echo basename(__FILE__); ?>" method = "post"> <input type =
?></h2> <div id = "install"> <form method="post"> <input type =
"hidden" name = "jirafeau" value =
"<?php echo JIRAFEAU_VERSION; ?>" /><input type = "hidden" name =
"step" value = "2" /><fieldset> <legend><?php
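Review bot: in the step 2 form, leaving out action makes the browser submit to the document's current address, query string included, whereas the old `basename(__FILE__)` target posted to the bare script name. Please confirm that no installer step relies on the query string being dropped between submissions, and mention this behaviour change in the commit message.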
@ -272,8 +270,7 @@ break;
case 3:
?><h2><?php printf (t('Installation of Jirafeau') . ' - ' . t('step') .
' %d ' . t('out of') . ' %d', 3, 4);
?></h2> <div id = "install"> <form action =
"<?php echo basename(__FILE__); ?>" method = "post"> <input type =
?></h2> <div id = "install"> <form method="post"> <input type =
"hidden" name = "jirafeau" value =
"<?php echo JIRAFEAU_VERSION; ?>" /><input type = "hidden" name =
"step" value =
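Review bot: style point on the new step 3 form tag: `<form method="post">` is written without spaces around `=`, while the attributes next to it on the same line (`id = "install"`, `type = "hidden"`) keep the spaced form. Pick one style for the line, preferably by matching the surrounding markup so the diff stays minimal.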
@ -328,8 +325,7 @@ break;
case 4:
?><h2><?php printf (t('Installation of Jirafeau') . ' - ' . t('step') .
' %d ' . t('out of') . ' %d', 4, 4);
?></h2> <div id = "install"> <form action =
"<?php echo basename(__FILE__); ?>" method = "post"> <input type =
?></h2> <div id = "install"> <form method="post"> <input type =
"hidden" name = "jirafeau" value =
"<?php echo JIRAFEAU_VERSION; ?>" /><input type = "hidden" name =
"step" value =
@ -350,8 +346,7 @@ case 4:
if ($err['has_error'])
{
echo '<div class="error"><p>'.$err['why'].'<br />'.NL;
?><form action = "<?php echo basename(__FILE__); ?>" method =
"post"> <input type = "hidden" name = "jirafeau" value =
?><form method="post"> <input type = "hidden" name = "jirafeau" value =
"<?php echo JIRAFEAU_VERSION; ?>" /><input type = "hidden" name =
"step" value = "4" /><input type = "submit" name =
"retry" value =
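Review bot: the retry form in the error branch is the fifth place where the same opening sequence (form tag, hidden `jirafeau` version field, hidden `step` field) is edited by hand. Consider moving that sequence into one helper that takes the step number, so the next change to the form target or its hidden fields is made once rather than in every case of the switch.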