authorAndy Staudacher <andy.st@gmail.com>2010-02-11 14:28:32 -0800
committerAndy Staudacher <andy.st@gmail.com>2010-02-11 14:28:32 -0800
commit6353a7c2decd62098ebc96951c38c9aade44fc4c (patch)
treea8196b622c4aaa50ef91a01cc135be2eed03eb21 /modules/gallery/helpers/auth.php
parentcd98f85260efd90cc93db78ee1efed997d0221c2 (diff)
Security: Fix leaking of album / photo names. Reject previous fix for ticket 1009.
Side effect: Renaming auth::require_login() to login_page().
Diffstat (limited to 'modules/gallery/helpers/auth.php')
-rw-r--r--modules/gallery/helpers/auth.php7
1 files changed, 4 insertions, 3 deletions
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index f5454f85..8b0ce470 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -132,15 +132,16 @@ class auth_Core {
}
/**
- * Redirect to the login page.
+ * Returns the themed login page.
*/
- static function require_login() {
+ static function login_page($continue_url=null) {
$view = new Theme_View("page.html", "other", "login");
$view->page_title = t("Log in to Gallery");
$view->content = new View("login_ajax.html");
$view->content->form = auth::get_login_form("login/auth_html");
// Avoid anti-phishing protection by passing the url as session variable.
- Session::instance()->set("continue_url", url::current(true));
+ $continue_url or $continue_url = url::current(true);
+ Session::instance()->set("continue_url", $continue_url);
return $view;
}
} \ No newline at end of file
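Review bot: `login_page()` now stores whatever `$continue_url` the caller passes in the session without checking that it points back into this site, and the existing comment says the session route is used precisely to avoid the anti-phishing check on URLs. If any caller derives that argument from request data (the callers are outside this hunk, so this is inferred), the post-login redirect could be steered off-site; validating here that the value is site-relative or matches the site's own base URL, and falling back to `url::current(true)` otherwise, would keep that guarantee in one place. The docblock should also describe the new parameter and the session write, for example `@param string $continue_url site-local URL to return to after login; defaults to the current URL`. The `$continue_url or $continue_url = ...` line also treats `""` and `"0"` as unset, which an explicit `if (empty($continue_url))` would make visible.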