[aur-dev] [PATCH] Redirect at previous page after a successful login
Gordian Edenhofer
gordian.edenhofer at gmail.com
Thu Jun 25 09:00:24 UTC 2015
On Thu, 2015-06-25 at 07:42 +0200, Lukas Fleischer wrote:
> On Fri, 19 Jun 2015 at 15:04:14, Lukas Fleischer wrote:
> > On Thu, 18 Jun 2015 at 21:28:17, Gordian Edenhofer wrote:
> > > After the user was authenticated a redirect to the site which
> > > linked the user to the login page is done. This fixes FS#32481.
> > > ---
> > > web/html/login.php | 1 +
> > > web/lib/acctfuncs.inc.php | 15 ++++++++++++++-
> > > 2 files changed, 15 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/web/html/login.php b/web/html/login.php
> > > index f898a57..1b3a589 100644
> > > --- a/web/html/login.php
> > > +++ b/web/html/login.php
> > > @@ -42,6 +42,7 @@ html_header('AUR ' . __("Login"));
> > > <p>
> > > <input type="submit"
> > > class="button" value="<?php print __("Login"); ?>" />
> > > <a href="<?=
> > > get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a>
> > > + <input id="id_referer"
> > > type="hidden" name="referer" value="<?=
> > > !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] :
> > > '/'; ?>" />
> >
> > Please use urlencode() to escape the value of
> > $_SERVER['HTTP_REFERER'].
> >
> > Also, I would prefer not setting the referer field at all if the
> > HTTP
> > header is not available:
> >
> > <?php if (isset($_SERVER['HTTP_REFERER'])): ?>
> > <input id="id_referer" type="hidden" name="referer" value="<?=
> > urlencode($_SERVER['HTTP_REFERER']) ?>" />
> > <?php endif; ?>
> >
> > It would be nice if we could avoid the use of HTTP referers but it
> > seems
> > like a good temporary solution. Thank you for implementing this,
> > some
> > more comments below.
> > [...]
>
> Gordian, are you going to submit a reworked version of this patch?
Sorry for the delay! I did send the patch a week ago, but it seems like
my mail client did not do its job. (GMail marked the mail as send,
though the mailman archive does not. I have no idea why.)
I hope this reworded patch is in line with the expectations.
Best regards,
Gordian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.archlinux.org/pipermail/aur-dev/attachments/20150625/e81c7181/attachment.asc>
More information about the aur-dev
mailing list