|
@@ 677-681 (lines=5) @@
|
| 674 |
|
{ |
| 675 |
|
$url = base64_decode(self::get('url')); |
| 676 |
|
$url_info = parse_url($url); |
| 677 |
|
if(!Password::checkSignature($url, self::get('sig'))) |
| 678 |
|
{ |
| 679 |
|
echo self::get('lang')->msg_invalid_request; |
| 680 |
|
return false; |
| 681 |
|
} |
| 682 |
|
|
| 683 |
|
$url_info['query'].= ($url_info['query'] ? '&' : '') . 'SSOID=' . urlencode(session_id()) . '&sig=' . urlencode(Password::createSignature(session_id())); |
| 684 |
|
$redirect_url = sprintf('%s://%s%s%s?%s', $url_info['scheme'], $url_info['host'], $url_info['port'] ? ':' . $url_info['port'] : '', $url_info['path'], $url_info['query']); |
|
@@ 696-700 (lines=5) @@
|
| 693 |
|
// result handling : set session_name() |
| 694 |
|
if($session_name = self::get('SSOID')) |
| 695 |
|
{ |
| 696 |
|
if(!Password::checkSignature($session_name, self::get('sig'))) |
| 697 |
|
{ |
| 698 |
|
echo self::get('lang')->msg_invalid_request; |
| 699 |
|
return false; |
| 700 |
|
} |
| 701 |
|
|
| 702 |
|
setcookie(session_name(), $session_name); |
| 703 |
|
|
xpressengine /
xe-core
