changed link() better handle mis-use

phpgwapi/inc/phpgw.inc.php

@@ -240,7 +240,17 @@
 
       // next line adds index.php when one is assumed since
       // iis will not interpret urls like http://.../addressbook/?xyz=5
-      return str_replace("/?", "/index.php?", $url);
+      $url = str_replace("/?", "/index.php?", $url);
+      $html_check = strtolower(substr($url ,0,4));
+      $slash_check = strtolower(substr($url ,0,1));
+      if($url_check != "http") {
+        if($slash_check != "/") {
+          $url = $phpgw_info["server"]["hostname"].$phpgw_info["server"]["webserver_url"]."/".$url; 
+        } else{
+          $url = $phpgw_info["server"]["hostname"].$url; 
+        } 
+      }
+      return $url;
     }  
 
     function strip_html($s)

phpgwapi/inc/phpgw_common.inc.php

@@ -852,6 +852,7 @@
         case 15:	$s .= lang("Entry updated sucessfully");	break;
         case 16:	$s .= lang("Entry has been deleted sucessfully"); break;
         case 18:	$s .= lang("Password has been updated");	break;
+        case 38:	$s .= lang("Password could not be changed");	break;
         case 19:	$s .= lang("Session has been killed");	break;
         case 27:	$s .= lang("Account has been updated");	break;
         case 28:	$s .= lang("Account has been created");	break;

preferences/changepassword.php

@@ -77,7 +77,7 @@
   $passwd_changed = $phpgw->auth->change_password($o_passwd, $n_passwd);
   if (!$passwd_changed){
     // This need to be changed to show a different message based on the result
-    Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"] . "/preferences/"));
+    Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"] . "/preferences/","cd=38"));
   }else{
     $phpgw_info["user"]["passwd"] = $phpgw->auth->change_password($o_passwd, $n_passwd);
     $phpgw->accounts->sync();