[aur-dev] [PATCH] Redirect at previous page after a successful login
Lukas Fleischer
lfleischer at archlinux.org
Thu Jun 25 05:42:16 UTC 2015
On Fri, 19 Jun 2015 at 15:04:14, Lukas Fleischer wrote:
> On Thu, 18 Jun 2015 at 21:28:17, Gordian Edenhofer wrote:
> > After the user was authenticated a redirect to the site which
> > linked the user to the login page is done. This fixes FS#32481.
> > ---
> > web/html/login.php | 1 +
> > web/lib/acctfuncs.inc.php | 15 ++++++++++++++-
> > 2 files changed, 15 insertions(+), 1 deletion(-)
> >
> > diff --git a/web/html/login.php b/web/html/login.php
> > index f898a57..1b3a589 100644
> > --- a/web/html/login.php
> > +++ b/web/html/login.php
> > @@ -42,6 +42,7 @@ html_header('AUR ' . __("Login"));
> > <p>
> > <input type="submit" class="button" value="<?php print __("Login"); ?>" />
> > <a href="<?= get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a>
> > + <input id="id_referer" type="hidden" name="referer" value="<?= !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/'; ?>" />
>
> Please use urlencode() to escape the value of $_SERVER['HTTP_REFERER'].
>
> Also, I would prefer not setting the referer field at all if the HTTP
> header is not available:
>
> <?php if (isset($_SERVER['HTTP_REFERER'])): ?>
> <input id="id_referer" type="hidden" name="referer" value="<?= urlencode($_SERVER['HTTP_REFERER']) ?>" />
> <?php endif; ?>
>
> It would be nice if we could avoid the use of HTTP referers but it seems
> like a good temporary solution. Thank you for implementing this, some
> more comments below.
> [...]
Gordian, are you going to submit a reworked version of this patch?
More information about the aur-dev
mailing list