From 2d78c5521d380501feb43aa24b985d5a0a6ed7b0 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Mon, 19 Nov 2007 00:05:46 +0000
Subject: Correctly check for page names by including .php.   Strip off / if
 found so that we can get an exact page match against the URL.   My test
 diagnostics user now works.

---
 etc/inc/authgui.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'etc/inc/authgui.inc')

diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index 3f15e13..9e83157 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -95,7 +95,7 @@ if (!(isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) {
    * page, set $home to that page instead.
    */
   if (isset($_POST['scriptname']) && $_POST['scriptname'] <> "/" && $_POST['scriptname'] <> "/index.php") {
-    $home = str_replace('.php', '', basename($_POST['scriptname']));
+    $home = str_replace('/', '', basename($_POST['scriptname']));
     $pagereq = $home;
    }
 
@@ -104,7 +104,7 @@ if (!(isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) {
   //if ($_SERVER['SCRIPT_NAME'] == '/')
   //  $_SERVER['SCRIPT_NAME'] = $home;
     if ($pagereq == "")
-    	$pagereq = str_replace('.php', '', basename($_SERVER['SCRIPT_NAME']));
+    	$pagereq = str_replace('/', '', basename($_SERVER['SCRIPT_NAME']));
 
   // Strip the leading / from the currently requested PHP page
   if (!in_array($pagereq,$allowed) && !in_array("ANY", $allowed)) {
-- 
cgit v1.1