dtntjwkl83750 2014-10-30 16:55
Accepted

PHP session modified on redirect

I am having a weird issue where for some unknown reason my $_SESSION['last_uri'] variable is being modified on a js redirect.

This is where we define the SESSION variable; currently it displays as '/training_management':

echo 'SESSION: ' . $_SESSION['last_uri'];

if ( !(preg_match('/login/', $_SERVER['SCRIPT_NAME'])) && !(preg_match('/denied/', $_SERVER['SCRIPT_NAME'])) ) {
    $_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];
}

This is where we redirect to a new page:

$("#login_button").click(function() {
    var name = $("input[name$=name]").val();
    var pw = encodeURIComponent($("input[name$=password]").val());
    var query = "func=login&name=" + name + "&password=" + pw;
    ajaxRequest(query, function(data) {
        console.log(data);
        data = data.replace(/(\r\n|\n|\r|\s)/gm, "");
        if (!data || data == 0) {
            failureMsg(_("Incorrect login data."));
        } else {
            window.location.replace("redirect");
        }
    });
});

This then redirects to redirect.php which shows the following as the value '/tpl/css/images/ui-icons_222222_256x240.png':

if ( $_SESSION['last_uri'] ) {
    echo $_SESSION['last_uri'];

    //header("Location: " . $_SESSION['last_uri']);
}

Where / How is the SESSION variable changed?

HERE are my rewrite rules:

# No www
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

# No likey .php
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php

# Some more Security
RewriteEngine On
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ /security [R=301,L]

1 answer

  • dongzongxun8491 2014-10-30 16:59

    This is probably what happened (see comments):

    echo 'SESSION: ' . $_SESSION['last_uri']; // display /training_management
    
    if ( !(preg_match('/login/', $_SERVER['SCRIPT_NAME'])) && !(preg_match('/denied/',       $_SERVER['SCRIPT_NAME'])) ) {
        $_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];
        echo 'NEW SESSION: ' . $_SESSION['last_uri']; // display /tpl/css/images/ui-icons_222222_256x240.png
    }
    

    Other possibilities:

    • /tpl/css/images/ui-icons_222222_256x240.png is not found and redirects to a PHP page that modifies the session.
    • session_start() is missing.
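One way to keep asset requests from overwriting last_uri, and to check the stored value before it goes into a Location header, shown as an added example that is not part of the original question or answer. The function names, the extension list and the excluded /redirect path are assumptions.

```php
<?php
// Added example: function names, the extension list and the excluded paths are
// assumptions for illustration, not code from the question or the answer.

/** True only for requests that should be remembered as the "last page". */
function should_record_uri(string $method, string $uri): bool
{
    if ($method !== 'GET') {
        return false;               // form posts and AJAX calls are not pages to return to
    }
    $path = parse_url($uri, PHP_URL_PATH);
    if (!is_string($path) || preg_match('#^/(login|denied|redirect)\b#', $path)) {
        return false;
    }
    // A missing image or stylesheet routed to a PHP 404 page is not a navigation.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return !in_array($ext, ['png', 'jpg', 'gif', 'css', 'js', 'ico', 'svg', 'woff'], true);
}

/** The stored URI if it is a local absolute path, otherwise the fallback. */
function safe_redirect_target(?string $uri, string $fallback = '/'): string
{
    // One leading slash, not "//host" or "/\host", and no control characters.
    if ($uri === null || !preg_match('#^/(?![/\\\\])[^\x00-\x1F\x7F]*\z#', $uri)) {
        return $fallback;
    }
    return $uri;
}

// Constructed sample requests in arrival order: [method, REQUEST_URI].
$requests = [
    ['GET',  '/training_management'],
    ['GET',  '/tpl/css/images/ui-icons_222222_256x240.png'],
    ['GET',  '/login'],
    ['POST', '/ajax?func=login'],
];

$session = [];                      // stand-in for $_SESSION
foreach ($requests as [$method, $uri]) {
    if (should_record_uri($method, $uri)) {
        $session['last_uri'] = $uri;
    }
}

echo 'last_uri: ', $session['last_uri'] ?? '(unset)', PHP_EOL;
echo 'redirect: ', safe_redirect_target($session['last_uri'] ?? null), PHP_EOL;
echo 'rejected: ', safe_redirect_target('//other.example/path'), PHP_EOL;
```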
