API Removed 'BadLoginURL' session var from MemberLoginForm

It was never set in core, and is generally undocumented,
hence just unnecessarily increases the security surface
of this sensitive class.
This commit is contained in:
Ingo Schommer 2013-02-05 22:49:06 +01:00
parent b350ded87c
commit 18c9a95996

View File

@ -138,14 +138,10 @@ JS
if($backURL) Session::set('BackURL', $backURL);
if($badLoginURL = Session::get("BadLoginURL")) {
$this->controller->redirect($badLoginURL);
} else {
// Show the right tab on failed login
$loginLink = Director::absoluteURL($this->controller->Link('login'));
if($backURL) $loginLink .= '?BackURL=' . urlencode($backURL);
$this->controller->redirect($loginLink . '#' . $this->FormName() .'_tab');
}
// Show the right tab on failed login
$loginLink = Director::absoluteURL($this->controller->Link('login'));
if($backURL) $loginLink .= '?BackURL=' . urlencode($backURL);
$this->controller->redirect($loginLink . '#' . $this->FormName() .'_tab');
}
}