Instead of passing query string in form post variables, store it in session so that it survives redirects. Fixes #2811
This commit is contained in:
parent
e53ec9c8b9
commit
dbdb13efd7
|
@ -152,8 +152,6 @@ if (
|
|||
setcookie('zmCSS', $css, time()+3600*24*30*12*10);
|
||||
}
|
||||
|
||||
# Only one request can open the session file at a time, so let's close the session here to improve concurrency.
|
||||
# Any file/page that sets session variables must re-open it.
|
||||
|
||||
require_once('includes/lang.php');
|
||||
|
||||
|
@ -186,6 +184,8 @@ if ( isset($_REQUEST['request']) )
|
|||
$request = detaintPath($_REQUEST['request']);
|
||||
|
||||
require_once('includes/auth.php');
|
||||
# Only one request can open the session file at a time, so let's close the session here to improve concurrency.
|
||||
# Any file/page that sets session variables must re-open it.
|
||||
session_write_close();
|
||||
|
||||
foreach ( getSkinIncludes('skin.php') as $includeFile ) {
|
||||
|
@ -242,6 +242,12 @@ if ( ZM_OPT_USE_AUTH and (!isset($user)) and ($view != 'login') and ($view != 'n
|
|||
ZM\Logger::Debug('Redirecting to login');
|
||||
$view = 'none';
|
||||
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=login';
|
||||
if ( ! $request ) {
|
||||
zm_session_start();
|
||||
$_SESSION['postLoginQuery'] = $_SERVER['QUERY_STRING'];
|
||||
ZM\Error("postLoginQuery " . $_SESSION['postLoginQuery']);
|
||||
session_write_close();
|
||||
}
|
||||
$request = null;
|
||||
} else if ( ZM_SHOW_PRIVACY && ($view != 'privacy') && ($view != 'options') && (!$request) && canEdit('System') ) {
|
||||
$view = 'none';
|
||||
|
|
|
@ -11,12 +11,15 @@
|
|||
(
|
||||
function () {
|
||||
// Append '?(GET query)' to URL if the GET query is not empty.
|
||||
var querySuffix = "<?php
|
||||
if (!empty($_POST['postLoginQuery'])) {
|
||||
parse_str($_POST['postLoginQuery'], $queryParams);
|
||||
var querySuffix = '<?php
|
||||
if (!empty($_SESSION['postLoginQuery'])) {
|
||||
parse_str($_SESSION['postLoginQuery'], $queryParams);
|
||||
echo '?' . http_build_query($queryParams);
|
||||
zm_session_start();
|
||||
unset($_SESSION['postLoginQuery']);
|
||||
session_write_close();
|
||||
}
|
||||
?>";
|
||||
?>';
|
||||
|
||||
if ( querySuffix == '?view=login' ) {
|
||||
// If we didn't redirect elsewhere, then don't show login page, go to console
|
||||
|
|
|
@ -7,7 +7,6 @@ xhtmlHeaders(__FILE__, translate('Login'));
|
|||
<form class="center-block" name="loginForm" id="loginForm" method="post" action="?">
|
||||
<input type="hidden" name="action" value="login"/>
|
||||
<input type="hidden" name="view" value="login"/>
|
||||
<input type="hidden" name="postLoginQuery" value="<?php echo isset($_SERVER['QUERY_STRING']) ? htmlspecialchars($_SERVER['QUERY_STRING']) : ''?>">
|
||||
|
||||
<div id="loginError" class="hidden alarm" role="alert">
|
||||
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
|
||||
|
|
Loading…
Reference in New Issue