diff options
| author | Tim Almdal <tnalmdal@shaw.ca> | 2010-06-11 15:40:54 -0700 |
|---|---|---|
| committer | Tim Almdal <tnalmdal@shaw.ca> | 2010-06-11 15:40:54 -0700 |
| commit | bbbb35675acefc6b0b1b78dea9fd3a983189d772 (patch) | |
| tree | 335bcc88125a6294860817ec7848e7a13bf616f5 | |
| parent | bb35aefffbc287efc9823abd4b0e451b86c37378 (diff) | |
Fix for ticket #1039. The problem was, as Bryan76 pointed out, with passing the full url in the continue parameter. In the logout controller, we tried to get the item from the url so we could check the permission of the item to insure that the guest user had access. But url::get_item_from_url expects a relative url.
| -rw-r--r-- | modules/gallery/controllers/logout.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index 967dad49..fdbadf1b 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -22,13 +22,16 @@ class Logout_Controller extends Controller { access::verify_csrf(); auth::logout(); if ($continue_url = Input::instance()->get("continue")) { - $item = url::get_item_from_uri($continue_url); + $components = explode("/", parse_url($continue_url, PHP_URL_PATH), 4); + $item = url::get_item_from_uri($components[3]); if (access::can("view", $item)) { // Don't use url::redirect() because it'll call url::site() and munge the continue url. - header("Location: $continue_url"); + header("Location: {$item->relative_url()}"); } else { url::redirect(item::root()->abs_url()); } + } else { + url::redirect(item::root()->abs_url()); } } }
\ No newline at end of file |