diff --git a/html/user/login_action.php b/html/user/login_action.php index 92380072a7b..24dcb3e6de5 100644 --- a/html/user/login_action.php +++ b/html/user/login_action.php @@ -160,9 +160,11 @@ function login_with_ldap($uid, $passwd, $next_url, $perm) { } $next_url = post_str("next_url", true); -$next_url = urldecode($next_url); -$next_url = sanitize_local_url($next_url); -if (strlen($next_url) == 0) { +if ($next_url) { + $next_url = urldecode($next_url); + $next_url = sanitize_local_url($next_url); +} +if (!$next_url) { $next_url = USER_HOME; } @@ -183,7 +185,10 @@ function login_with_ldap($uid, $passwd, $next_url, $perm) { exit; } -$email_addr = strtolower(sanitize_tags(post_str("email_addr", true))); +$email_addr = post_str("email_addr", true); +if ($email_addr) { + $email_addr = strtolower(sanitize_tags($email_addr)); +} $passwd = post_str("passwd", true); if ($email_addr && $passwd) { if (LDAP_HOST && !is_valid_email_addr($email_addr)) { diff --git a/sched/file_upload_handler.cpp b/sched/file_upload_handler.cpp index ce528dc2c63..7c49c82a46f 100644 --- a/sched/file_upload_handler.cpp +++ b/sched/file_upload_handler.cpp @@ -316,6 +316,9 @@ int handle_file_upload(FILE* in, R_RSA_PUBLIC_KEY& key) { strcpy(name, ""); strcpy(xml_signature, ""); bool found_data = false; + + // TODO: use XML parser + while (boinc::fgets(buf, 256, in)) { log_messages.printf(MSG_DETAIL, "got:%s\n", buf); if (match_tag(buf, "")) continue;