Fixes #299: prevent 404 on '?edit_link' while logged out
- add a use case for edit_link in logged out part. - *really* prevent loops on login screen.
This commit is contained in:
parent
b282fffa23
commit
5fbabbb9be
1 changed files with 36 additions and 7 deletions
43
index.php
Normal file → Executable file
43
index.php
Normal file → Executable file
|
@ -445,12 +445,30 @@ function ban_canLogin()
|
||||||
session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes"
|
session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes"
|
||||||
session_regenerate_id(true);
|
session_regenerate_id(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Optional redirect after login:
|
// Optional redirect after login:
|
||||||
if (isset($_GET['post'])) { header('Location: ?post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):'')); exit; }
|
if (isset($_GET['post'])) {
|
||||||
if (isset($_POST['returnurl']))
|
$uri = '?post='. urlencode($_GET['post']);
|
||||||
{
|
foreach (array('description', 'source', 'title') as $param) {
|
||||||
if (endsWith($_POST['returnurl'],'?do=login')) { header('Location: ?'); exit; } // Prevent loops over login screen.
|
if (!empty($_GET[$param])) {
|
||||||
header('Location: '.$_POST['returnurl']); exit;
|
$uri .= '&'.$param.'='.urlencode($_GET[$param]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
header('Location: '. $uri);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_GET['edit_link'])) {
|
||||||
|
header('Location: ?edit_link='. escape($_GET['edit_link']));
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_POST['returnurl'])) {
|
||||||
|
// Prevent loops over login screen.
|
||||||
|
if (strpos($_POST['returnurl'], 'do=login') === false) {
|
||||||
|
header('Location: '. escape($_POST['returnurl']));
|
||||||
|
exit;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
header('Location: ?'); exit;
|
header('Location: ?'); exit;
|
||||||
}
|
}
|
||||||
|
@ -458,7 +476,14 @@ function ban_canLogin()
|
||||||
{
|
{
|
||||||
ban_loginFailed();
|
ban_loginFailed();
|
||||||
$redir = '';
|
$redir = '';
|
||||||
if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); }
|
if (isset($_GET['post'])) {
|
||||||
|
$redir = '?post=' . urlencode($_GET['post']);
|
||||||
|
foreach (array('description', 'source', 'title') as $param) {
|
||||||
|
if (!empty($_GET[$param])) {
|
||||||
|
$redir .= '&' . $param . '=' . urlencode($_GET[$param]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen.
|
echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen.
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
@ -1219,6 +1244,11 @@ function renderPage()
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isset($_GET['edit_link'])) {
|
||||||
|
header('Location: ?do=login&edit_link='. escape($_GET['edit_link']));
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
$PAGE = new pageBuilder;
|
$PAGE = new pageBuilder;
|
||||||
buildLinkList($PAGE,$LINKSDB); // Compute list of links to display
|
buildLinkList($PAGE,$LINKSDB); // Compute list of links to display
|
||||||
$PAGE->renderPage('linklist');
|
$PAGE->renderPage('linklist');
|
||||||
|
@ -1488,7 +1518,6 @@ function renderPage()
|
||||||
{
|
{
|
||||||
$url=$_GET['post'];
|
$url=$_GET['post'];
|
||||||
|
|
||||||
|
|
||||||
// We remove the annoying parameters added by FeedBurner, GoogleFeedProxy, Facebook...
|
// We remove the annoying parameters added by FeedBurner, GoogleFeedProxy, Facebook...
|
||||||
$annoyingpatterns = array('/[\?&]utm_source=[^&]*/',
|
$annoyingpatterns = array('/[\?&]utm_source=[^&]*/',
|
||||||
'/[\?&]utm_campaign=[^&]*/',
|
'/[\?&]utm_campaign=[^&]*/',
|
||||||
|
|
Loading…
Reference in a new issue