authorAndy Staudacher <andy.st@gmail.com>2010-02-08 00:30:36 -0800
committerAndy Staudacher <andy.st@gmail.com>2010-02-08 00:30:36 -0800
commitf9d00aa7429599f46e09b23e8313932ac5e186c3 (patch)
tree1b9668d058abd0976f3827fef3fb21c5a6d2df91
parentd0f6839c25c328c1bc0baff87974a8b268933361 (diff)
Fix for ticket 1008: Redirect to destination after re-auth.
-rw-r--r--modules/gallery/controllers/admin.php12
-rw-r--r--modules/gallery/controllers/reauthenticate.php3
2 files changed, 13 insertions, 2 deletions
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index b5f3db39..5467e88a 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -30,7 +30,7 @@ class Admin_Controller extends Controller {
public function __call($controller_name, $args) {
if (auth::must_reauth_for_admin_area()) {
- return url::redirect("reauthenticate");
+ return self::_prompt_for_reauth($controller_name, $args);
}
if (request::method() == "post") {
@@ -53,5 +53,15 @@ class Admin_Controller extends Controller {
call_user_func_array(array(new $controller_name, $method), $args);
}
+
+ private static function _prompt_for_reauth($controller_name, $args) {
+ if (request::method() == "get" && !request::is_ajax()) {
+ $url_args = array("admin", $controller_name) + $args;
+ $continue_url = join("/", $url_args);
+ // Avoid anti-phishing protection by passing the url as session variable.
+ Session::instance()->set("continue_url", $continue_url);
+ }
+ url::redirect("reauthenticate");
+ }
}
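Review bot: The `+` on the `$url_args` line is an array union, not a concatenation. Keys 0 and 1 already exist on the left-hand side, so the first two entries of a 0-indexed `$args` are silently dropped and the stored `continue_url` points at the wrong admin page whenever arguments are present. Use `$url_args = array_merge(array("admin", $controller_name), $args);` instead. Separately, a POST or ajax request writes nothing, so a `continue_url` left in the session by an earlier, abandoned GET still decides where the user lands after re-authenticating; clearing the key in that branch would avoid this. If the comment means that the target is kept server-side so a crafted link cannot supply it, it would read better as `// Keep the continue url in the session rather than the request, so a crafted link cannot choose the redirect target.`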
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 4b88a9cc..dbd1cd21 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -37,7 +37,8 @@ class Reauthenticate_Controller extends Controller {
if ($valid) {
message::success(t("Successfully re-authenticated!"));
module::event("user_auth", $user);
- url::redirect("admin");
+ $continue_url = Session::instance()->get_once("continue_url", "admin");
+ url::redirect($continue_url);
} else {
$name = $user->name;
log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
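Review bot: The value read on the `get_once` line is passed to `url::redirect()` with no check that it is still a path inside the admin area. The only writer visible in this commit always prefixes `admin/`, so this is defence in depth, but the reader should not rely on every future writer of `continue_url` doing the same. Adding `if (strpos($continue_url, "admin") !== 0) { $continue_url = "admin"; }` before the redirect keeps the post-login target inside the admin area. The enclosing method starts and ends outside this hunk.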