Move URL redirection from URL to session parameter

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@433 b3834d28-1941-0410-a4f8-b48e95affb8f

src/SemanticScuttle/functions.php

@@ -95,8 +95,6 @@ function createURL($page = '', $ending = '') {
 /**
  * Creates a "vote for/against this bookmark" URL.
  * Also runs htmlspecialchars() on them to prevent XSS.
- * We need to use ENT_QUOTES since otherwise we would not be
- * protected when the attribute is used in single quotes.
  *
  * @param boolean $for For the bookmark (true) or against (false)
  * @param integer $bId Bookmark ID
@@ -105,14 +103,11 @@ function createURL($page = '', $ending = '') {
  */
 function createVoteURL($for, $bId)
 {
-    //FIXME: we need a "current url" variable that is
-    //filled with a safe version of the current url.
-    //all this specialchars stuff is bit of a hack.
     return htmlspecialchars(
         createURL(
             'vote',
             ($for ? 'for' : 'against') . '/' . $bId
-        ) . '?from=' . urlencode($_SERVER['REQUEST_URI']),
+        ),
         ENT_QUOTES
     );
 }

src/SemanticScuttle/header.php

@@ -20,7 +20,8 @@ if (defined('UNIT_TEST_MODE')) {
     }
 }
 
-require_once 'SemanticScuttle/constants.php'; // some constants are based on variables from config file
+// some constants are based on variables from config file
+require_once 'SemanticScuttle/constants.php';
 
 
 // Debug Management using constants
@@ -34,7 +35,8 @@ if(DEBUG_MODE) {
 	error_reporting(0);
 }
 
-// 2 // Second requirements part which could display bugs (must come after debug management)
+// 2 // Second requirements part which could display bugs
+// (must come after debug management)
 require_once 'SemanticScuttle/Service.php';
 require_once 'SemanticScuttle/DbService.php';
 require_once 'SemanticScuttle/Service/Factory.php';
@@ -57,6 +59,12 @@ T_textdomain($domain);
 // 4 // Session
 if (!defined('UNIT_TEST_MODE')) {
     session_start();
+    if ($GLOBALS['enableVoting']) {
+        if (isset($_SESSION['lastUrl'])) {
+            $GLOBALS['lastUrl'] = $_SESSION['lastUrl'];
+        }
+        $_SESSION['lastUrl'] = $_SERVER['REQUEST_URI'];
+    }
 }
 
 // 5 // Create mandatory services and objects

www/vote.php

@@ -3,9 +3,9 @@
  * We do expect three parameters:
  * - type (for/against)
  * - bookmark id
- * - url we shall redirect to (?from=)
+ * - session needs to contain the URL last visited
  *
- * vote/for/123?from=xyz
+ * vote/for/123
  */
 require_once '../src/SemanticScuttle/header.php';
 
@@ -21,7 +21,7 @@ $vs = SemanticScuttle_Service_Factory::get('Vote');
 
 if (!$us->isLoggedOn()) {
     header('HTTP/1.0 400 Bad Request');
-    echo 'need a logged on user';
+    echo 'You need to be logged on to vote.';
     exit(1);
 }
 $user = $us->getCurrentUser();
@@ -49,12 +49,12 @@ if (!is_numeric($bookmark)) {
 }
 $bookmark = (int)$bookmark;
 
-if (!isset($_GET['from']) || $_GET['from'] == '') {
-    header('HTTP/1.0 400 Bad Request');
-    echo 'Missing "from" parameter';
+if (!isset($GLOBALS['lastUrl']) || $GLOBALS['lastUrl'] == '') {
+    header('HTTP/1.0 412 Precondition failed');
+    echo 'Missing last URL in session';
     exit(5);
 }
-$from = $_GET['from'];
+$from = $GLOBALS['lastUrl'];
 
 
 if ($vs->hasVoted($bookmark, $user)) {