use CGI::Carp qw(fatalsToBrowser);
use Encode;
+use URI;
1;
# end of main
sub display {
$locale = Locale->new($language, "menu");
my $charset = $dbcharset || 'ISO-8859-1';
- my $callback = $form->unescape($form->{callback}) || "login.pl?action=company_logo";
+ my $callback = $form->unescape($form->{callback});
+ $callback = URI->new($callback)->rel($callback) if $callback;
+ $callback = "login.pl?action=company_logo" if $callback =~ /^(.\/)?$/;
my $text = $form->create_http_response('content_type' => 'text/xml',
'charset' => $charset)