From 6353a7c2decd62098ebc96951c38c9aade44fc4c Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Thu, 11 Feb 2010 14:28:32 -0800
Subject: Security: Fix leaking of album / photo names. Reject previous fix for
 ticket 1009. Side effect: Renaming auth::required_login() to login_page().

---
 modules/gallery/helpers/auth.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'modules/gallery/helpers/auth.php')

diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index f5454f85..8b0ce470 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -132,15 +132,16 @@ class auth_Core {
   }
 
   /**
-   * Redirect to the login page.
+   * Returns the themed login page.
    */
-  static function require_login() {
+  static function login_page($continue_url=null) {
     $view = new Theme_View("page.html", "other", "login");
     $view->page_title = t("Log in to Gallery");
     $view->content = new View("login_ajax.html");
     $view->content->form = auth::get_login_form("login/auth_html");
     // Avoid anti-phishing protection by passing the url as session variable.
-    Session::instance()->set("continue_url", url::current(true));
+    $continue_url or $continue_url = url::current(true);
+    Session::instance()->set("continue_url", $continue_url);
     return $view;
   }
 }
\ No newline at end of file
-- 
cgit v1.2.3