From f24a387cc95661ed724d4a51651a96a0f1b8c488 Mon Sep 17 00:00:00 2001
From: cweiske
Date: Tue, 27 Oct 2009 19:58:54 +0000
Subject: [PATCH] Move URL redirection from URL to session parameter

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@433 b3834d28-1941-0410-a4f8-b48e95affb8f
---
 src/SemanticScuttle/functions.php | 7 +------
 src/SemanticScuttle/header.php | 22 +++++++++++++++-------
 www/vote.php | 14 +++++++-------
 3 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php
index 8823752..c03b3e0 100644
--- a/src/SemanticScuttle/functions.php
+++ b/src/SemanticScuttle/functions.php
@@ -95,8 +95,6 @@ function createURL($page = '', $ending = '') {
 /**
 * Creates a "vote for/against this bookmark" URL.
 * Also runs htmlspecialchars() on them to prevent XSS.
- * We need to use ENT_QUOTES since otherwise we would not be
- * protected when the attribute is used in single quotes.
 *
 * @param boolean $for For the bookmark (true) or against (false)
 * @param integer $bId Bookmark ID
@@ -105,14 +103,11 @@ function createURL($page = '', $ending = '') {
 */
 function createVoteURL($for, $bId)
 {
- //FIXME: we need a "current url" variable that is
- //filled with a safe version of the current url.
- //all this specialchars stuff is bit of a hack.
 return htmlspecialchars(
 createURL(
 'vote',
 ($for ? 'for' : 'against') . '/' . $bId
- ) . '?from=' . urlencode($_SERVER['REQUEST_URI']),
+ ),
 ENT_QUOTES
 );
 }
diff --git a/src/SemanticScuttle/header.php b/src/SemanticScuttle/header.php
index 9615199..1b32643 100644
--- a/src/SemanticScuttle/header.php
+++ b/src/SemanticScuttle/header.php
@@ -1,5 +1,5 @@ getCurrentObjectUser(); -$templateservice =SemanticScuttle_Service_Factory::get('Template'); +$templateservice = SemanticScuttle_Service_Factory::get('Template'); $tplVars = array(); $tplVars['currentUser'] = $currentUser; $tplVars['userservice'] = $userservice;
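Review bot: The two docblock lines removed in the first functions.php hunk explained why `ENT_QUOTES` is passed, and the `htmlspecialchars(..., ENT_QUOTES)` call in createVoteURL (second hunk) still relies on that flag; only the `?from=` hack went away, not the reason the flag is needed, so the rationale should survive. I would keep a one-line version in the docblock, e.g. ` * ENT_QUOTES is needed because callers may place the URL in a single-quoted attribute.` Without it the next cleanup is likely to drop the flag as unexplained.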
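Review bot: In the rewritten createVoteURL, `$bId` is concatenated into the path segment without a cast even though the docblock declares it `integer`; `htmlspecialchars()` covers the HTML context but does not keep a non-numeric value out of the generated URL. Casting at the concatenation, `($for ? 'for' : 'against') . '/' . (int) $bId`, makes the helper enforce its own contract rather than leaving it to vote.php's `is_numeric()` check. The header.php section of this patch is garbled in this view (its hunk content does not match the `@@ -1,5 +1,5 @@` header), so how `lastUrl` is populated cannot be reviewed here.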
diff --git a/www/vote.php b/www/vote.php
index 91f5c34..6dda31b 100644
--- a/www/vote.php
+++ b/www/vote.php
@@ -3,9 +3,9 @@
 * We do expect three parameters:
 * - type (for/against)
 * - bookmark id
- * - url we shall redirect to (?from=)
+ * - session needs to contain the URL last visited
 *
- * vote/for/123?from=xyz
+ * vote/for/123
 */
 require_once '../src/SemanticScuttle/header.php';
@@ -21,7 +21,7 @@ $vs = SemanticScuttle_Service_Factory::get('Vote');
 if (!$us->isLoggedOn()) {
 header('HTTP/1.0 400 Bad Request');
- echo 'need a logged on user';
+ echo 'You need to be logged on to vote.';
 exit(1);
 }
 $user = $us->getCurrentUser();
@@ -49,12 +49,12 @@ if (!is_numeric($bookmark)) {
 }
 $bookmark = (int)$bookmark;
-if (!isset($_GET['from']) || $_GET['from'] == '') {
- header('HTTP/1.0 400 Bad Request');
- echo 'Missing "from" parameter';
+if (!isset($GLOBALS['lastUrl']) || $GLOBALS['lastUrl'] == '') {
+ header('HTTP/1.0 412 Precondition failed');
+ echo 'Missing last URL in session';
 exit(5);
 }
-$from = $_GET['from'];
+$from = $GLOBALS['lastUrl'];
 if ($vs->hasVoted($bookmark, $user)) {
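Review bot: `$from = $GLOBALS['lastUrl'];` in the last hunk replaces a query parameter with a session-held value, but according to the file comment that value is the URL the user last visited, which header.php presumably records from the request itself, so it is still client-influenced and should not be used as a redirect target unchecked; the eventual `Location:` use of `$from` lies below this hunk, and before it I would constrain the value to a local path, e.g. `if (!isset($GLOBALS['lastUrl']) || $GLOBALS['lastUrl'] === '' || str_contains($GLOBALS['lastUrl'], '://') || str_starts_with($GLOBALS['lastUrl'], '//')) {` with a fixed fallback page instead of the 412. While touching the line, the emptiness test uses loose `==`; `=== ''` is the strict form. The reason phrase on the new status line is conventionally `412 Precondition Failed`. The `if ($vs->hasVoted(...))` block that follows continues outside the hunk.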