On Thu, 18 Jun 2015 at 21:28:17, Gordian Edenhofer wrote:
After the user was authenticated a redirect to the site which
linked the user to the login page is done. This fixes FS#32481.
---
Thanks for the replies. I fixed the concerning htmlspecialchars invocation
and changed the formatting.
Though I am a fan of short if-else statements and even think they improve
readability, I do not mind losing them.
Changes since v1:
* Prevent setting referer again if $_REQUEST['referer'] exists already
* Do not link back to the registration page
web/html/login.php| 5 +
web/lib/acctfuncs.inc.php | 7 ++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/web/html/login.php b/web/html/login.php
index f898a57..ddb1e69 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -42,6 +42,11 @@ html_header('AUR ' . __(Login));
p
input type=submit class=button
value=?php print __(Login); ? /
a href=?= get_uri('/passreset/') ?[?=
__('Forgot Password') ?]/a
+ ?php if (in_request('referer') !== ): ?
+ input id=id_referer type=hidden
name=referer value=?= in_request('referer') ? /
+ ?php elseif (isset($_SERVER['HTTP_REFERER'])
strpos(aur_location()./register, $_SERVER['HTTP_REFERER']) !== 0): ?
I would prefer not having a special case for /register/. I will think of
a patch that doesn't simply redirect /register/ to the account edit form
if a user is logged in instead. So please drop the second part of that
condition :)
+ input id=id_referer type=hidden
name=referer value=?= htmlspecialchars($_SERVER['HTTP_REFERER'],
ENT_QUOTES) ? /
+ ?php endif; ?
/p
/fieldset
/form
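Review bot: In the first branch, in_request('referer') is written into the value attribute with no escaping visible on that line, while the HTTP_REFERER branch below it goes through htmlspecialchars(..., ENT_QUOTES). Unless in_request() already escapes what it returns, wrap the first branch in the same htmlspecialchars call, since the request parameter is as client-controlled as the header. Separately, the strpos() call in the elseif takes aur_location()./register as the haystack and the referer as the needle, the opposite order from the check in try_login(), so any referer that is a prefix of the register URL (the site root included) also fails the condition; if the /register/ test is kept in any form, swap the arguments.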
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 20ac081..8f2f686 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -544,7 +544,12 @@ function try_login() {
}
setcookie(AURSID, $new_sid, $cookie_time, /, null,
!empty($_SERVER['HTTPS']), true);
- header(Location: . get_uri('/'));
+
+ $referer = in_request('referer');
+ if (strpos($referer, aur_location()) !== 0) {
+ $referer = '/';
+ }
+ header(Location: .get_uri( $referer ));
I think you misunderstood me. This should be
header(Location: . get_uri($referer));
Thanks!
$login_error = ;
}
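Review bot: The check strpos($referer, aur_location()) !== 0 is a plain string-prefix test, so it only confines the redirect to this site if aur_location() ends at a host boundary; a value whose host merely begins with the same characters would pass as well. Compare the scheme and host from parse_url($referer) against those of aur_location(), or require the prefix to be followed by '/' or the end of the string. Also, an accepted value is an absolute URL while the fallback is the path '/', and both are passed to get_uri(); confirm get_uri() is meant to take both forms, or strip the aur_location() prefix before the call.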
--
2.4.4