author | Bharat Mediratta <bharat@menalto.com> | 2010-07-16 11:58:13 -0700 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2010-07-16 11:58:13 -0700 |
commit | 583950616ef7c89acc0b0cbb52e77ffdb0afbb3d (patch) | |
tree | 738dbf7ba5f704c9327a83fed9fac4d3f050e137 | |
parent | b51b49cb63d990611dacccca5e2a505c6c96357d (diff) |
Improve the fix for #1176 to use request::is_ajax() instead of tacking
on a query param to urls that appear in dialogs. This keeps things simpler.
-rw-r--r-- | lib/gallery.dialog.js | 3 | ||||
-rw-r--r-- | modules/gallery/controllers/admin.php | 5 | ||||
-rw-r--r-- | modules/gallery/controllers/reauthenticate.php | 17 |
3 files changed, 8 insertions, 17 deletions
diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js
index a36c561a..cc35f5cd 100644
--- a/lib/gallery.dialog.js
+++ b/lib/gallery.dialog.js
@@ -27,8 +27,7 @@
 $("#g-dialog").gallery_show_loading();
- var url = sHref + (sHref.indexOf("?") == -1 ? "?" : "&") + "gallery_dialog_request=1";
- $.getJSON(url, function(data) {
+ $.getJSON(sHref, function(data) {
 $("#g-dialog").html(unescape(data.form)).gallery_show_loading();
 if ($("#g-dialog form").length) {
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index 3befac7d..eacacb28 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -84,10 +84,7 @@ class Admin_Controller extends Controller {
 private static function _prompt_for_reauth($controller_name, $args) {
 if (request::method() == "get") {
 // Avoid anti-phishing protection by passing the url as session variable.
- $reauthenticate =
- array("continue_url" => url::abs_current(true),
- "in_dialog" => strpos(Router::$query_string, "gallery_dialog_request") !== false);
- Session::instance()->set("reauthenticate", $reauthenticate);
+ Session::instance()->set("continue_url", url::abs_current(true));
 }
 url::redirect("reauthenticate");
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 7378ea73..3cff2b6a 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -22,11 +22,10 @@ class Reauthenticate_Controller extends Controller {
 if (!identity::active_user()->admin) {
 access::forbidden();
 }
- $reauthenticate = Session::instance()->get("reauthenticate", array());
- if (empty($reauthenticate["in_dialog"])) {
- self::_show_form(self::_form());
- } else {
+ if (request::is_ajax()) {
 print json_encode(array("form" => (string) self::_form()));
+ } else {
+ self::_show_form(self::_form());
 }
 }
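Review bot: In lib/gallery.dialog.js, `$.getJSON(sHref, ...)` has no failure path, yet the dialog now receives its JSON form only when the server classifies the request as AJAX. If the redirect to the re-authentication page or an intermediary drops the X-Requested-With header, the server would presumably return the full HTML page, the JSON parse fails, and the callback never runs, leaving the dialog on its loading indicator. Consider `$.ajax` with `dataType: "json"` and an `error` callback that falls back to navigating to `sHref`. The callback body continues outside the hunk.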
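Review bot: In modules/gallery/controllers/reauthenticate.php, the new `request::is_ajax()` branch should carry a comment saying that the check reflects a client-supplied request header (presumably X-Requested-With) and only selects the response format. The `identity::active_user()->admin` test above it is what gates access, and a later maintainer should not come to treat `is_ajax()` as a trust signal. Suggested comment: `// is_ajax() is client-controlled; it picks JSON vs. HTML output only and must never gate access.` The enclosing method starts outside the hunk.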
@@ -36,18 +35,15 @@ class Reauthenticate_Controller extends Controller {
 }
 access::verify_csrf();
- $reauthenticate = Session::instance()->get("reauthenticate", array());
-
 $form = self::_form();
 $valid = $form->validate();
 $user = identity::active_user();
 if ($valid) {
 module::event("user_auth", $user);
- Session::instance()->delete("reauthenticate");
- if (empty($reauthenticate["in_dialog"])) {
+ if (!request::is_ajax()) {
 message::success(t("Successfully re-authenticated!"));
 }
- url::redirect($reauthenticate["continue_url"]);
+ url::redirect(Session::instance()->get_once("continue_url"));
 } else {
 $name = $user->name;
 log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
@@ -72,8 +68,7 @@ class Reauthenticate_Controller extends Controller {
 private static function _form() {
 $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form"));
- $form->set_attr('class', "g-narrow");
- $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin"));
+ $form->set_attr("class", "g-narrow");
 $group = $form->group("reauthenticate")->label(t("Re-authenticate"));
 $group->password("password")->label(t("Password"))->id("g-password")->class(null)
 ->callback("auth::validate_too_many_failed_auth_attempts") |
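Review bot: `url::redirect(Session::instance()->get_once("continue_url"))` has no fallback when the session holds no `continue_url`. The admin.php hunk stores the value only for GET requests, and the `"admin"` default that the removed hidden field in `_form()` carried is gone, so a re-authentication triggered by a non-GET request, or by opening `reauthenticate` directly, redirects to an empty target. Read the value first and default it, e.g. `$continue_url = Session::instance()->get_once("continue_url");` followed by `url::redirect($continue_url ? $continue_url : "admin");`. Keeping the target server-derived rather than taken from the request is sound and worth stating in a comment next to the redirect. The enclosing method starts and ends outside the hunk.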