aliens/SemanticScuttle
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Move URL redirection from URL to session parameter

Browse source 
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@433 b3834d28-1941-0410-a4f8-b48e95affb8f
This commit is contained in:
cweiske 2009-10-27 19:58:54 +00:00
parent af157c6bb7
commit f24a387cc9
3 changed files with 23 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/SemanticScuttle/functions.php
View file

@ -95,8 +95,6 @@ function createURL($page = '', $ending = '') {
/** /**
* Creates a "vote for/against this bookmark" URL. * Creates a "vote for/against this bookmark" URL.
* Also runs htmlspecialchars() on them to prevent XSS. * Also runs htmlspecialchars() on them to prevent XSS.
* We need to use ENT_QUOTES since otherwise we would not be
* protected when the attribute is used in single quotes.
* *
* @param boolean $for For the bookmark (true) or against (false) * @param boolean $for For the bookmark (true) or against (false)
* @param integer $bId Bookmark ID * @param integer $bId Bookmark ID
@ -105,14 +103,11 @@ function createURL($page = '', $ending = '') {
*/ */
function createVoteURL($for, $bId) function createVoteURL($for, $bId)
{ {
//FIXME: we need a "current url" variable that is
//filled with a safe version of the current url.
//all this specialchars stuff is bit of a hack.
return htmlspecialchars( return htmlspecialchars(
createURL( createURL(
'vote', 'vote',
($for ? 'for' : 'against') . '/' . $bId ($for ? 'for' : 'against') . '/' . $bId
) . '?from=' . urlencode($_SERVER['REQUEST_URI']), ),
ENT_QUOTES ENT_QUOTES
); );
} }

22
src/SemanticScuttle/header.php
View file

@ -1,5 +1,5 @@
<?php <?php
if(!file_exists(dirname(__FILE__) .'/../../data/config.php')) { if (!file_exists(dirname(__FILE__) .'/../../data/config.php')) {
die('Please copy "config.php.dist" to "config.php"'); die('Please copy "config.php.dist" to "config.php"');
} }
set_include_path( set_include_path(
@ -20,11 +20,12 @@ if (defined('UNIT_TEST_MODE')) {
} }
} }
require_once 'SemanticScuttle/constants.php'; // some constants are based on variables from config file // some constants are based on variables from config file
require_once 'SemanticScuttle/constants.php';
// Debug Management using constants // Debug Management using constants
if(DEBUG_MODE) { if (DEBUG_MODE) {
ini_set('display_errors', '1'); ini_set('display_errors', '1');
ini_set('mysql.trace_mode', '1'); ini_set('mysql.trace_mode', '1');
error_reporting(E_ALL); error_reporting(E_ALL);
@ -34,7 +35,8 @@ if(DEBUG_MODE) {
error_reporting(0); error_reporting(0);
} }
// 2 // Second requirements part which could display bugs (must come after debug management) // 2 // Second requirements part which could display bugs
// (must come after debug management)
require_once 'SemanticScuttle/Service.php'; require_once 'SemanticScuttle/Service.php';
require_once 'SemanticScuttle/DbService.php'; require_once 'SemanticScuttle/DbService.php';
require_once 'SemanticScuttle/Service/Factory.php'; require_once 'SemanticScuttle/Service/Factory.php';
@ -50,20 +52,26 @@ require_once 'SemanticScuttle/utf8.php';
require_once 'php-gettext/gettext.inc'; require_once 'php-gettext/gettext.inc';
$domain = 'messages'; $domain = 'messages';
T_setlocale(LC_MESSAGES, $locale); T_setlocale(LC_MESSAGES, $locale);
T_bindtextdomain($domain, dirname(__FILE__) .'/locales'); T_bindtextdomain($domain, dirname(__FILE__) . '/locales');
T_bind_textdomain_codeset($domain, 'UTF-8'); T_bind_textdomain_codeset($domain, 'UTF-8');
T_textdomain($domain); T_textdomain($domain);
// 4 // Session // 4 // Session
if (!defined('UNIT_TEST_MODE')) { if (!defined('UNIT_TEST_MODE')) {
session_start(); session_start();
if ($GLOBALS['enableVoting']) {
if (isset($_SESSION['lastUrl'])) {
$GLOBALS['lastUrl'] = $_SESSION['lastUrl'];
}
$_SESSION['lastUrl'] = $_SERVER['REQUEST_URI'];
}
} }
// 5 // Create mandatory services and objects // 5 // Create mandatory services and objects
$userservice =SemanticScuttle_Service_Factory::get('User'); $userservice = SemanticScuttle_Service_Factory::get('User');
$currentUser = $userservice->getCurrentObjectUser(); $currentUser = $userservice->getCurrentObjectUser();
$templateservice =SemanticScuttle_Service_Factory::get('Template'); $templateservice = SemanticScuttle_Service_Factory::get('Template');
$tplVars = array(); $tplVars = array();
$tplVars['currentUser'] = $currentUser; $tplVars['currentUser'] = $currentUser;
$tplVars['userservice'] = $userservice; $tplVars['userservice'] = $userservice;

14
www/vote.php
View file

@ -3,9 +3,9 @@
* We do expect three parameters: * We do expect three parameters:
* - type (for/against) * - type (for/against)
* - bookmark id * - bookmark id
* - url we shall redirect to (?from=) * - session needs to contain the URL last visited
* *
* vote/for/123?from=xyz * vote/for/123
*/ */
require_once '../src/SemanticScuttle/header.php'; require_once '../src/SemanticScuttle/header.php';
@ -21,7 +21,7 @@ $vs = SemanticScuttle_Service_Factory::get('Vote');
if (!$us->isLoggedOn()) { if (!$us->isLoggedOn()) {
header('HTTP/1.0 400 Bad Request'); header('HTTP/1.0 400 Bad Request');
echo 'need a logged on user'; echo 'You need to be logged on to vote.';
exit(1); exit(1);
} }
$user = $us->getCurrentUser(); $user = $us->getCurrentUser();
@ -49,12 +49,12 @@ if (!is_numeric($bookmark)) {
} }
$bookmark = (int)$bookmark; $bookmark = (int)$bookmark;
if (!isset($_GET['from']) || $_GET['from'] == '') { if (!isset($GLOBALS['lastUrl']) || $GLOBALS['lastUrl'] == '') {
header('HTTP/1.0 400 Bad Request'); header('HTTP/1.0 412 Precondition failed');
echo 'Missing "from" parameter'; echo 'Missing last URL in session';
exit(5); exit(5);
} }
$from = $_GET['from']; $from = $GLOBALS['lastUrl'];
if ($vs->hasVoted($bookmark, $user)) { if ($vs->hasVoted($bookmark, $user)) {