2 files changed, 13 insertions, 2 deletions

diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index b5f3db39..5467e88a 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -30,7 +30,7 @@ class Admin_Controller extends Controller {
 
   public function __call($controller_name, $args) {
     if (auth::must_reauth_for_admin_area()) {
-      return url::redirect("reauthenticate");
+      return self::_prompt_for_reauth($controller_name, $args);
     }
 
     if (request::method() == "post") {
@@ -53,5 +53,15 @@ class Admin_Controller extends Controller {
 
     call_user_func_array(array(new $controller_name, $method), $args);
   }
+
+  private static function _prompt_for_reauth($controller_name, $args) {
+    if (request::method() == "get" && !request::is_ajax()) {
+      $url_args = array("admin", $controller_name) + $args;
+      $continue_url = join("/", $url_args);
+      // Avoid anti-phishing protection by passing the url as session variable.
+      Session::instance()->set("continue_url", $continue_url);
+    }
+    url::redirect("reauthenticate");
+  }
 }
 
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 4b88a9cc..dbd1cd21 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -37,7 +37,8 @@ class Reauthenticate_Controller extends Controller {
     if ($valid) {
       message::success(t("Successfully re-authenticated!"));
       module::event("user_auth", $user);
-      url::redirect("admin");
+      $continue_url = Session::instance()->get_once("continue_url", "admin");
+      url::redirect($continue_url);
     } else {
       $name = $user->name;
       log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));