From bbbb35675acefc6b0b1b78dea9fd3a983189d772 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Fri, 11 Jun 2010 15:40:54 -0700
Subject: Fix for ticket #1039. The problem was, as Bryan76 pointed out, with
 passing the full url in the continue parameter. In the logout controller, we
 tried to get the item from the url so we could check the permission of the
 item to insure that the guest user had access. But url::get_item_from_url
 expects a relative url.

---
 modules/gallery/controllers/logout.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
index 967dad49..fdbadf1b 100644
--- a/modules/gallery/controllers/logout.php
+++ b/modules/gallery/controllers/logout.php
@@ -22,13 +22,16 @@ class Logout_Controller extends Controller {
     access::verify_csrf();
     auth::logout();
     if ($continue_url = Input::instance()->get("continue")) {
-      $item = url::get_item_from_uri($continue_url);
+      $components = explode("/", parse_url($continue_url, PHP_URL_PATH), 4);
+      $item = url::get_item_from_uri($components[3]);
       if (access::can("view", $item)) {
         // Don't use url::redirect() because it'll call url::site() and munge the continue url.
-        header("Location: $continue_url");
+        header("Location: {$item->relative_url()}");
       } else {
         url::redirect(item::root()->abs_url());
       }
+    } else {
+        url::redirect(item::root()->abs_url());
     }
   }
 }
\ No newline at end of file
-- 
cgit v1.2.3