diff --git a/html/user/login_action.php b/html/user/login_action.php
index 92380072a7b..24dcb3e6de5 100644
--- a/html/user/login_action.php
+++ b/html/user/login_action.php
@@ -160,9 +160,11 @@ function login_with_ldap($uid, $passwd, $next_url, $perm) {
}
$next_url = post_str("next_url", true);
-$next_url = urldecode($next_url);
-$next_url = sanitize_local_url($next_url);
-if (strlen($next_url) == 0) {
+if ($next_url) {
+ $next_url = urldecode($next_url);
+ $next_url = sanitize_local_url($next_url);
+}
+if (!$next_url) {
$next_url = USER_HOME;
}
@@ -183,7 +185,10 @@ function login_with_ldap($uid, $passwd, $next_url, $perm) {
exit;
}
-$email_addr = strtolower(sanitize_tags(post_str("email_addr", true)));
+$email_addr = post_str("email_addr", true);
+if ($email_addr) {
+ $email_addr = strtolower(sanitize_tags($email_addr));
+}
$passwd = post_str("passwd", true);
if ($email_addr && $passwd) {
if (LDAP_HOST && !is_valid_email_addr($email_addr)) {
diff --git a/sched/file_upload_handler.cpp b/sched/file_upload_handler.cpp
index ce528dc2c63..7c49c82a46f 100644
--- a/sched/file_upload_handler.cpp
+++ b/sched/file_upload_handler.cpp
@@ -316,6 +316,9 @@ int handle_file_upload(FILE* in, R_RSA_PUBLIC_KEY& key) {
strcpy(name, "");
strcpy(xml_signature, "");
bool found_data = false;
+
+ // TODO: use XML parser
+
while (boinc::fgets(buf, 256, in)) {
log_messages.printf(MSG_DETAIL, "got:%s\n", buf);
if (match_tag(buf, "")) continue;