[aur-dev] [PATCH] Redirect at previous page after a successful login

Gordian Edenhofer gordian.edenhofer at gmail.com
Thu Jun 25 09:00:24 UTC 2015


On Thu, 2015-06-25 at 07:42 +0200, Lukas Fleischer wrote:
> On Fri, 19 Jun 2015 at 15:04:14, Lukas Fleischer wrote:
> > On Thu, 18 Jun 2015 at 21:28:17, Gordian Edenhofer wrote:
> > > After the user was authenticated a redirect to the site which
> > > linked the user to the login page is done. This fixes FS#32481.
> > > ---
> > >  web/html/login.php        |  1 +
> > >  web/lib/acctfuncs.inc.php | 15 ++++++++++++++-
> > >  2 files changed, 15 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/web/html/login.php b/web/html/login.php
> > > index f898a57..1b3a589 100644
> > > --- a/web/html/login.php
> > > +++ b/web/html/login.php
> > > @@ -42,6 +42,7 @@ html_header('AUR ' . __("Login"));
> > >                         <p>
> > >                                 <input type="submit" 
> > > class="button" value="<?php  print __("Login"); ?>" />
> > >                                 <a href="<?= 
> > > get_uri('/passreset/') ?>">[<?= __('Forgot Password') ?>]</a>
> > > +                               <input id="id_referer" 
> > > type="hidden" name="referer" value="<?= 
> > > !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 
> > > '/'; ?>" />
> > 
> > Please use urlencode() to escape the value of 
> > $_SERVER['HTTP_REFERER'].
> > 
> > Also, I would prefer not setting the referer field at all if the 
> > HTTP
> > header is not available:
> > 
> >     <?php if (isset($_SERVER['HTTP_REFERER'])): ?>
> >     <input id="id_referer" type="hidden" name="referer" value="<?= 
> > urlencode($_SERVER['HTTP_REFERER']) ?>" />
> >     <?php endif; ?>
> > 
> > It would be nice if we could avoid the use of HTTP referers but it 
> > seems
> > like a good temporary solution. Thank you for implementing this, 
> > some
> > more comments below.
> > [...]
> 
> Gordian, are you going to submit a reworked version of this patch?

Sorry for the delay! I did send the patch a week ago, but it seems like
my mail client did not do its job. (GMail marked the mail as send,
though the mailman archive does not. I have no idea why.)
I hope this reworded patch is in line with the expectations.

Best regards,
Gordian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.archlinux.org/pipermail/aur-dev/attachments/20150625/e81c7181/attachment.asc>


More information about the aur-dev mailing list