Move URL redirection from URL to session parameter

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@433 b3834d28-1941-0410-a4f8-b48e95affb8f
This commit is contained in:
cweiske 2009-10-27 19:58:54 +00:00
parent af157c6bb7
commit f24a387cc9
3 changed files with 23 additions and 20 deletions

View file

@ -95,8 +95,6 @@ function createURL($page = '', $ending = '') {
/** /**
* Creates a "vote for/against this bookmark" URL. * Creates a "vote for/against this bookmark" URL.
* Also runs htmlspecialchars() on them to prevent XSS. * Also runs htmlspecialchars() on them to prevent XSS.
* We need to use ENT_QUOTES since otherwise we would not be
* protected when the attribute is used in single quotes.
* *
* @param boolean $for For the bookmark (true) or against (false) * @param boolean $for For the bookmark (true) or against (false)
* @param integer $bId Bookmark ID * @param integer $bId Bookmark ID
@ -105,14 +103,11 @@ function createURL($page = '', $ending = '') {
*/ */
function createVoteURL($for, $bId) function createVoteURL($for, $bId)
{ {
//FIXME: we need a "current url" variable that is
//filled with a safe version of the current url.
//all this specialchars stuff is bit of a hack.
return htmlspecialchars( return htmlspecialchars(
createURL( createURL(
'vote', 'vote',
($for ? 'for' : 'against') . '/' . $bId ($for ? 'for' : 'against') . '/' . $bId
) . '?from=' . urlencode($_SERVER['REQUEST_URI']), ),
ENT_QUOTES ENT_QUOTES
); );
} }

View file

@ -20,7 +20,8 @@ if (defined('UNIT_TEST_MODE')) {
} }
} }
require_once 'SemanticScuttle/constants.php'; // some constants are based on variables from config file // some constants are based on variables from config file
require_once 'SemanticScuttle/constants.php';
// Debug Management using constants // Debug Management using constants
@ -34,7 +35,8 @@ if(DEBUG_MODE) {
error_reporting(0); error_reporting(0);
} }
// 2 // Second requirements part which could display bugs (must come after debug management) // 2 // Second requirements part which could display bugs
// (must come after debug management)
require_once 'SemanticScuttle/Service.php'; require_once 'SemanticScuttle/Service.php';
require_once 'SemanticScuttle/DbService.php'; require_once 'SemanticScuttle/DbService.php';
require_once 'SemanticScuttle/Service/Factory.php'; require_once 'SemanticScuttle/Service/Factory.php';
@ -57,6 +59,12 @@ T_textdomain($domain);
// 4 // Session // 4 // Session
if (!defined('UNIT_TEST_MODE')) { if (!defined('UNIT_TEST_MODE')) {
session_start(); session_start();
if ($GLOBALS['enableVoting']) {
if (isset($_SESSION['lastUrl'])) {
$GLOBALS['lastUrl'] = $_SESSION['lastUrl'];
}
$_SESSION['lastUrl'] = $_SERVER['REQUEST_URI'];
}
} }
// 5 // Create mandatory services and objects // 5 // Create mandatory services and objects

View file

@ -3,9 +3,9 @@
* We do expect three parameters: * We do expect three parameters:
* - type (for/against) * - type (for/against)
* - bookmark id * - bookmark id
* - url we shall redirect to (?from=) * - session needs to contain the URL last visited
* *
* vote/for/123?from=xyz * vote/for/123
*/ */
require_once '../src/SemanticScuttle/header.php'; require_once '../src/SemanticScuttle/header.php';
@ -21,7 +21,7 @@ $vs = SemanticScuttle_Service_Factory::get('Vote');
if (!$us->isLoggedOn()) { if (!$us->isLoggedOn()) {
header('HTTP/1.0 400 Bad Request'); header('HTTP/1.0 400 Bad Request');
echo 'need a logged on user'; echo 'You need to be logged on to vote.';
exit(1); exit(1);
} }
$user = $us->getCurrentUser(); $user = $us->getCurrentUser();
@ -49,12 +49,12 @@ if (!is_numeric($bookmark)) {
} }
$bookmark = (int)$bookmark; $bookmark = (int)$bookmark;
if (!isset($_GET['from']) || $_GET['from'] == '') { if (!isset($GLOBALS['lastUrl']) || $GLOBALS['lastUrl'] == '') {
header('HTTP/1.0 400 Bad Request'); header('HTTP/1.0 412 Precondition failed');
echo 'Missing "from" parameter'; echo 'Missing last URL in session';
exit(5); exit(5);
} }
$from = $_GET['from']; $from = $GLOBALS['lastUrl'];
if ($vs->hasVoted($bookmark, $user)) { if ($vs->hasVoted($bookmark, $user)) {