Fix for ticket 1008: Redirect to destination after re-auth.

author: Andy Staudacher <andy.st@gmail.com> 2010-02-08 00:30:36 -0800
committer: Andy Staudacher <andy.st@gmail.com> 2010-02-08 00:30:36 -0800
commit: f9d00aa7429599f46e09b23e8313932ac5e186c3 (patch)
tree: 1b9668d058abd0976f3827fef3fb21c5a6d2df91 /modules/gallery/controllers/admin.php
parent: d0f6839c25c328c1bc0baff87974a8b268933361 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index b5f3db39..5467e88a 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -30,7 +30,7 @@ class Admin_Controller extends Controller {
 
   public function __call($controller_name, $args) {
     if (auth::must_reauth_for_admin_area()) {
-      return url::redirect("reauthenticate");
+      return self::_prompt_for_reauth($controller_name, $args);
     }
 
     if (request::method() == "post") {
@@ -53,5 +53,15 @@ class Admin_Controller extends Controller {
 
     call_user_func_array(array(new $controller_name, $method), $args);
   }
+
+  private static function _prompt_for_reauth($controller_name, $args) {
+    if (request::method() == "get" && !request::is_ajax()) {
+      $url_args = array("admin", $controller_name) + $args;
+      $continue_url = join("/", $url_args);
+      // Avoid anti-phishing protection by passing the url as session variable.
+      Session::instance()->set("continue_url", $continue_url);
+    }
+    url::redirect("reauthenticate");
+  }
 }
author	Andy Staudacher <andy.st@gmail.com>	2010-02-08 00:30:36 -0800
committer	Andy Staudacher <andy.st@gmail.com>	2010-02-08 00:30:36 -0800
commit	f9d00aa7429599f46e09b23e8313932ac5e186c3 (patch)
tree	1b9668d058abd0976f3827fef3fb21c5a6d2df91 /modules/gallery/controllers/admin.php
parent	d0f6839c25c328c1bc0baff87974a8b268933361 (diff)