]> wagnertech.de Git - kivitendo-erp.git/blobdiff - bin/mozilla/menuv3.pl
projects / kivitendo-erp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Nur realtive URIs für logon.pl?callback= erlauben.
[kivitendo-erp.git] / bin / mozilla / menuv3.pl
diff --git a/bin/mozilla/menuv3.pl b/bin/mozilla/menuv3.pl
index 43b9fc53129f14aae9837d415d0670bd76c6c8d9..31aadf9e7a3fa5693c7bd9916106f6c91186d076 100644 (file)
--- a/bin/mozilla/menuv3.pl
+++ b/bin/mozilla/menuv3.pl
@@ -34,6 +34,7 @@
 
 $menufile = "menu.ini";
 use SL::Menu;
+use URI;
 
 1;
 
@@ -44,7 +45,10 @@ sub display {
 
   $form->{date}     = clock_line();
   $form->{menu}     = acc_menu();
-  $form->{callback} = $form->unescape($form->{callback}) || "login.pl?action=company_logo";
+  my $callback      = $form->unescape($form->{callback});
+  $callback         = URI->new($callback)->rel($callback) if $callback;
+  $callback         = "login.pl?action=company_logo"      if $callback =~ /^(.\/)?$/;
+  $form->{callback} = $callback;
 
   print $form->parse_html_template("menu/menuv3");
 
Unnamed repository; edit this file 'description' to name the repository.