Instead of passing query string in form post variables, store it in session so that it survives redirects. Fixes #2811
This commit is contained in:
parent
e53ec9c8b9
commit
dbdb13efd7
|
@ -152,8 +152,6 @@ if (
|
||||||
setcookie('zmCSS', $css, time()+3600*24*30*12*10);
|
setcookie('zmCSS', $css, time()+3600*24*30*12*10);
|
||||||
}
|
}
|
||||||
|
|
||||||
# Only one request can open the session file at a time, so let's close the session here to improve concurrency.
|
|
||||||
# Any file/page that sets session variables must re-open it.
|
|
||||||
|
|
||||||
require_once('includes/lang.php');
|
require_once('includes/lang.php');
|
||||||
|
|
||||||
|
@ -186,6 +184,8 @@ if ( isset($_REQUEST['request']) )
|
||||||
$request = detaintPath($_REQUEST['request']);
|
$request = detaintPath($_REQUEST['request']);
|
||||||
|
|
||||||
require_once('includes/auth.php');
|
require_once('includes/auth.php');
|
||||||
|
# Only one request can open the session file at a time, so let's close the session here to improve concurrency.
|
||||||
|
# Any file/page that sets session variables must re-open it.
|
||||||
session_write_close();
|
session_write_close();
|
||||||
|
|
||||||
foreach ( getSkinIncludes('skin.php') as $includeFile ) {
|
foreach ( getSkinIncludes('skin.php') as $includeFile ) {
|
||||||
|
@ -242,6 +242,12 @@ if ( ZM_OPT_USE_AUTH and (!isset($user)) and ($view != 'login') and ($view != 'n
|
||||||
ZM\Logger::Debug('Redirecting to login');
|
ZM\Logger::Debug('Redirecting to login');
|
||||||
$view = 'none';
|
$view = 'none';
|
||||||
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=login';
|
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=login';
|
||||||
|
if ( ! $request ) {
|
||||||
|
zm_session_start();
|
||||||
|
$_SESSION['postLoginQuery'] = $_SERVER['QUERY_STRING'];
|
||||||
|
ZM\Error("postLoginQuery " . $_SESSION['postLoginQuery']);
|
||||||
|
session_write_close();
|
||||||
|
}
|
||||||
$request = null;
|
$request = null;
|
||||||
} else if ( ZM_SHOW_PRIVACY && ($view != 'privacy') && ($view != 'options') && (!$request) && canEdit('System') ) {
|
} else if ( ZM_SHOW_PRIVACY && ($view != 'privacy') && ($view != 'options') && (!$request) && canEdit('System') ) {
|
||||||
$view = 'none';
|
$view = 'none';
|
||||||
|
|
|
@ -11,12 +11,15 @@
|
||||||
(
|
(
|
||||||
function () {
|
function () {
|
||||||
// Append '?(GET query)' to URL if the GET query is not empty.
|
// Append '?(GET query)' to URL if the GET query is not empty.
|
||||||
var querySuffix = "<?php
|
var querySuffix = '<?php
|
||||||
if (!empty($_POST['postLoginQuery'])) {
|
if (!empty($_SESSION['postLoginQuery'])) {
|
||||||
parse_str($_POST['postLoginQuery'], $queryParams);
|
parse_str($_SESSION['postLoginQuery'], $queryParams);
|
||||||
echo '?' . http_build_query($queryParams);
|
echo '?' . http_build_query($queryParams);
|
||||||
|
zm_session_start();
|
||||||
|
unset($_SESSION['postLoginQuery']);
|
||||||
|
session_write_close();
|
||||||
}
|
}
|
||||||
?>";
|
?>';
|
||||||
|
|
||||||
if ( querySuffix == '?view=login' ) {
|
if ( querySuffix == '?view=login' ) {
|
||||||
// If we didn't redirect elsewhere, then don't show login page, go to console
|
// If we didn't redirect elsewhere, then don't show login page, go to console
|
||||||
|
|
|
@ -7,7 +7,6 @@ xhtmlHeaders(__FILE__, translate('Login'));
|
||||||
<form class="center-block" name="loginForm" id="loginForm" method="post" action="?">
|
<form class="center-block" name="loginForm" id="loginForm" method="post" action="?">
|
||||||
<input type="hidden" name="action" value="login"/>
|
<input type="hidden" name="action" value="login"/>
|
||||||
<input type="hidden" name="view" value="login"/>
|
<input type="hidden" name="view" value="login"/>
|
||||||
<input type="hidden" name="postLoginQuery" value="<?php echo isset($_SERVER['QUERY_STRING']) ? htmlspecialchars($_SERVER['QUERY_STRING']) : ''?>">
|
|
||||||
|
|
||||||
<div id="loginError" class="hidden alarm" role="alert">
|
<div id="loginError" class="hidden alarm" role="alert">
|
||||||
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
|
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
|
||||||
|
|
Loading…
Reference in New Issue