Store redirect login url in session instead of using url parameter

2015-07-16 22:22:33 -04:00
parent e0d4877126
commit 493c7c2c74
6 changed files with 20 additions and 9 deletions
--- a/app/Controller/Auth.php
+++ b/app/Controller/Auth.php
@@ -25,7 +25,6 @@ class Auth extends Base
            'errors' => $errors,
            'values' => $values,
            'no_layout' => true,
            'redirect_query' => $this->request->getStringParam('redirect_query'),
            'title' => t('Login')
        )));
    }
@@ -37,14 +36,15 @@ class Auth extends Base
     */
    public function check()
    {
        $redirect_query = $this->request->getStringParam('redirect_query');
        $values = $this->request->getValues();
        list($valid, $errors) = $this->authentication->validateForm($values);
        if ($valid) {
-            if ($redirect_query !== '') {
+            if (! empty($this->session['login_redirect']) && ! filter_var($this->session['login_redirect'], FILTER_VALIDATE_URL)) {
-                $this->response->redirect('?'.urldecode($redirect_query));
+                $redirect = $this->session['login_redirect'];
                unset($this->session['login_redirect']);
                $this->response->redirect($redirect);
            }
            $this->response->redirect($this->helper->url->to('app', 'index'));
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -127,7 +127,8 @@ abstract class Base extends \Core\Base
                $this->response->text('Not Authorized', 401);
            }
-            $this->response->redirect($this->helper->url->to('auth', 'login', array('redirect_query' => urlencode($this->request->getQueryString()))));
+            $this->session['login_redirect'] = $this->request->getUri();
            $this->response->redirect($this->helper->url->to('auth', 'login'));
        }
    }
--- a/app/Controller/Oauth.php
+++ b/app/Controller/Oauth.php
@@ -116,7 +116,6 @@ class Oauth extends Base
                'errors' => array('login' => t('External authentication failed')),
                'values' => array(),
                'no_layout' => true,
                'redirect_query' => '',
                'title' => t('Login')
            )));
        }
--- a/app/Core/Request.php
+++ b/app/Core/Request.php
@@ -162,6 +162,17 @@ class Request
        return isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    }
    /**
     * Returns uri
     *
     * @access public
     * @return string
     */
    public function getUri()
    {
        return isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    }
    /**
     * Get the user agent
     *
--- a/app/Template/auth/index.php
+++ b/app/Template/auth/index.php
@@ -5,7 +5,7 @@
    <?php endif ?>
    <?php if (! HIDE_LOGIN_FORM): ?>
-    <form method="post" action="<?= $this->url->href('auth', 'check', array('redirect_query' => $redirect_query)) ?>">
+    <form method="post" action="<?= $this->url->href('auth', 'check') ?>">
        <?= $this->form->csrf() ?>
@@ -17,8 +17,6 @@
        <?= $this->form->checkbox('remember_me', t('Remember Me'), 1, true) ?><br/>
        <div class="form-actions">
            <input type="submit" value="<?= t('Sign in') ?>" class="btn btn-blue"/>
        </div>
--- a/app/common.php
+++ b/app/common.php
@@ -119,4 +119,6 @@ if (ENABLE_URL_REWRITE) {
    // Auth routes
    $container['router']->addRoute('oauth/google', 'oauth', 'google');
    $container['router']->addRoute('oauth/github', 'oauth', 'github');
    $container['router']->addRoute('login', 'auth', 'login');
    $container['router']->addRoute('logout', 'auth', 'logout');
 }