authorBharat Mediratta <bharat@menalto.com>2009-07-21 13:02:20 -0700
committerBharat Mediratta <bharat@menalto.com>2009-07-21 13:02:20 -0700
commit80f48b084af874fea52ed29f06a1337954b137bf (patch)
treeb20fd20d0aa8dca12503814a6defa110d350a441
parentf83db99d39cc65b212f894c7e4ed66a52625f3c8 (diff)
In the logout link, urlencode the continue url so that ampersands, etc
don't break encapsulation. In the logout controller, don't run the url through url::redirect because that uses url::site(). Just set the Location header directly. This fixes ticket #483.
-rw-r--r--modules/user/controllers/logout.php11
-rw-r--r--modules/user/views/login.html.php2
2 files changed, 7 insertions, 6 deletions
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index 63971789..099b1952 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -19,18 +19,19 @@
*/
class Logout_Controller extends Controller {
public function index() {
- access::verify_csrf();
+ //access::verify_csrf();
$user = user::active();
user::logout();
log::info("user", t("User %name logged out", array("name" => p::clean($user->name))),
html::anchor("user/$user->id", p::clean($user->name)));
- if ($this->input->get("continue")) {
- $item = url::get_item_from_uri($this->input->get("continue"));
+ if ($continue_url = $this->input->get("continue")) {
+ $item = url::get_item_from_uri($continue_url);
if (access::can("view", $item)) {
- url::redirect($this->input->get("continue"));
+ // Don't use url::redirect() because it'll call url::site() and munge the continue url.
+ header("Location: $continue_url");
} else {
- url::redirect("");
+ url::redirect("albums/1");
}
}
}
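Review bot: Line 25 disables `access::verify_csrf();` by commenting it out, which the commit message does not mention, so the logout action now accepts any cross-site request and terminates the user's session; the login view in this same commit still sends `csrf=$csrf` on the link, so the check should be restored as `access::verify_csrf();` since ticket #483 only required the redirect change. On line 37, `header("Location: $continue_url");` is not followed by `exit`, so the controller keeps running after emitting the redirect header and the framework may go on rendering a response body; consider `header("Location: $continue_url"); exit;` or whatever termination this framework uses. The target is gated by `url::get_item_from_uri($continue_url)` plus `access::can("view", $item)`, which presumably limits it to an item in this gallery — if `get_item_from_uri()` also resolves absolute URLs on other hosts this would become an open redirect, so that is worth confirming before relying on the raw header. The closing brace of the class appears to lie outside the hunk.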
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index 42bff4da..10ed31b2 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -15,7 +15,7 @@
p::clean($user->display_name()) . '</a>')) ?>
</li>
<li>
- <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . url::current(true)) ?>"
+ <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
id="gLogoutLink"><?= t("Logout") ?></a>
</li>
<? endif ?>
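Review bot: The `href` on line 53 interpolates `$csrf` and the `url::site()` result into an HTML attribute with no attribute-context escaping; `urlencode()` now makes the continue portion attribute-safe, but `$csrf` is emitted raw, which is only acceptable if it is always the server-generated token and never reflected from request input — presumably so, but worth confirming. A defensive form that escapes the whole value regardless is `<a href="<?= htmlspecialchars(url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))), ENT_QUOTES) ?>"`, provided `url::site()` does not already escape (the `&amp;` in the literal suggests the template is hand-escaping, so double-encoding should be checked).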