Move URL redirection from URL to session parameter
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@433 b3834d28-1941-0410-a4f8-b48e95affb8f
This commit is contained in:
parent
af157c6bb7
commit
f24a387cc9
3 changed files with 23 additions and 20 deletions
@ -95,8 +95,6 @@ function createURL($page = '', $ending = '') {
|
|||
/**
|
||||
* Creates a "vote for/against this bookmark" URL.
|
||||
* Also runs htmlspecialchars() on them to prevent XSS.
|
||||
* We need to use ENT_QUOTES since otherwise we would not be
|
||||
* protected when the attribute is used in single quotes.
|
||||
*
|
||||
* @param boolean $for For the bookmark (true) or against (false)
|
||||
* @param integer $bId Bookmark ID
|
||||
|
@ -105,14 +103,11 @@ function createURL($page = '', $ending = '') {
|
|||
*/
|
||||
function createVoteURL($for, $bId)
|
||||
{
|
||||
//FIXME: we need a "current url" variable that is
|
||||
//filled with a safe version of the current url.
|
||||
//all this specialchars stuff is bit of a hack.
|
||||
return htmlspecialchars(
|
||||
createURL(
|
||||
'vote',
|
||||
($for ? 'for' : 'against') . '/' . $bId
|
||||
) . '?from=' . urlencode($_SERVER['REQUEST_URI']),
|
||||
),
|
||||
ENT_QUOTES
|
||||
);
|
||||
}
|
||||
|
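Review bot: The FIXME block at the top of createVoteURL's body ("we need a 'current url' variable ... all this specialchars stuff is bit of a hack") is stale after this hunk: the `. '?from=' . urlencode($_SERVER['REQUEST_URI'])` suffix is removed, so the function no longer embeds the current URL at all and the only escaping left is the htmlspecialchars() on the generated link, which the docblock already explains. Replace the three comment lines with something that states the current contract, e.g. `// The redirect target is no longer carried in the URL; header.php records` / `// the previous request URI in the session and vote.php reads it from there.` Worth a follow-up outside this commit: as far as is visible the vote link remains a plain GET that changes state and carries no anti-CSRF token, so a third-party page can trigger a vote for a logged-on user via an image or link. createVoteURL is entirely within the hunk.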
@ -1,5 +1,5 @@
|
|||
<?php
|
||||
if(!file_exists(dirname(__FILE__) .'/../../data/config.php')) {
|
||||
if (!file_exists(dirname(__FILE__) .'/../../data/config.php')) {
|
||||
die('Please copy "config.php.dist" to "config.php"');
|
||||
}
|
||||
set_include_path(
|
||||
|
@ -20,11 +20,12 @@ if (defined('UNIT_TEST_MODE')) {
|
|||
}
|
||||
}
|
||||
|
||||
require_once 'SemanticScuttle/constants.php'; // some constants are based on variables from config file
|
||||
// some constants are based on variables from config file
|
||||
require_once 'SemanticScuttle/constants.php';
|
||||
|
||||
|
||||
// Debug Management using constants
|
||||
if(DEBUG_MODE) {
|
||||
if (DEBUG_MODE) {
|
||||
ini_set('display_errors', '1');
|
||||
ini_set('mysql.trace_mode', '1');
|
||||
error_reporting(E_ALL);
|
||||
|
@ -34,7 +35,8 @@ if(DEBUG_MODE) {
|
|||
error_reporting(0);
|
||||
}
|
||||
|
||||
// 2 // Second requirements part which could display bugs (must come after debug management)
|
||||
// 2 // Second requirements part which could display bugs
|
||||
// (must come after debug management)
|
||||
require_once 'SemanticScuttle/Service.php';
|
||||
require_once 'SemanticScuttle/DbService.php';
|
||||
require_once 'SemanticScuttle/Service/Factory.php';
|
||||
|
@ -50,20 +52,26 @@ require_once 'SemanticScuttle/utf8.php';
|
|||
require_once 'php-gettext/gettext.inc';
|
||||
$domain = 'messages';
|
||||
T_setlocale(LC_MESSAGES, $locale);
|
||||
T_bindtextdomain($domain, dirname(__FILE__) .'/locales');
|
||||
T_bindtextdomain($domain, dirname(__FILE__) . '/locales');
|
||||
T_bind_textdomain_codeset($domain, 'UTF-8');
|
||||
T_textdomain($domain);
|
||||
|
||||
// 4 // Session
|
||||
if (!defined('UNIT_TEST_MODE')) {
|
||||
session_start();
|
||||
if ($GLOBALS['enableVoting']) {
|
||||
if (isset($_SESSION['lastUrl'])) {
|
||||
$GLOBALS['lastUrl'] = $_SESSION['lastUrl'];
|
||||
}
|
||||
$_SESSION['lastUrl'] = $_SERVER['REQUEST_URI'];
|
||||
}
|
||||
}
|
||||
|
||||
// 5 // Create mandatory services and objects
|
||||
$userservice =SemanticScuttle_Service_Factory::get('User');
|
||||
$userservice = SemanticScuttle_Service_Factory::get('User');
|
||||
$currentUser = $userservice->getCurrentObjectUser();
|
||||
|
||||
$templateservice =SemanticScuttle_Service_Factory::get('Template');
|
||||
$templateservice = SemanticScuttle_Service_Factory::get('Template');
|
||||
$tplVars = array();
|
||||
$tplVars['currentUser'] = $currentUser;
|
||||
$tplVars['userservice'] = $userservice;
|
||||
|
|
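Review bot: `$_SESSION['lastUrl'] = $_SERVER['REQUEST_URI'];` in the new session block stores the raw request target of every request that passes through header.php, with no check that it is a site-local path. REQUEST_URI is client-supplied; on the SAPIs I am aware of a request line with a protocol-relative or absolute-form target (`GET //evil.example/x HTTP/1.1`) is stored verbatim, and once vote.php uses the value as a redirect target that becomes an open redirect within the victim's own session. Since this is the single place the value is written, record it only when it looks like a local path, e.g. `$uri = $_SERVER['REQUEST_URI'];` / `if (isset($uri[0]) && $uri[0] === '/' && substr($uri, 0, 2) !== '//') { $_SESSION['lastUrl'] = $uri; }`. Separately, the vote request itself also runs this block, so the vote URL replaces the stored value: a vote URL loaded twice in a row is redirected to the previous vote URL rather than to a page, and any other endpoint that includes header.php (presumably some do) will clobber it as well; skipping the update when the current script is vote.php would avoid the first case.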
14
www/vote.php
14
www/vote.php
|
@ -3,9 +3,9 @@
|
|||
* We do expect three parameters:
|
||||
* - type (for/against)
|
||||
* - bookmark id
|
||||
* - url we shall redirect to (?from=)
|
||||
* - session needs to contain the URL last visited
|
||||
*
|
||||
* vote/for/123?from=xyz
|
||||
* vote/for/123
|
||||
*/
|
||||
require_once '../src/SemanticScuttle/header.php';
|
||||
|
||||
|
@ -21,7 +21,7 @@ $vs = SemanticScuttle_Service_Factory::get('Vote');
|
|||
|
||||
if (!$us->isLoggedOn()) {
|
||||
header('HTTP/1.0 400 Bad Request');
|
||||
echo 'need a logged on user';
|
||||
echo 'You need to be logged on to vote.';
|
||||
exit(1);
|
||||
}
|
||||
$user = $us->getCurrentUser();
|
||||
|
@ -49,12 +49,12 @@ if (!is_numeric($bookmark)) {
|
|||
}
|
||||
$bookmark = (int)$bookmark;
|
||||
|
||||
if (!isset($_GET['from']) || $_GET['from'] == '') {
|
||||
header('HTTP/1.0 400 Bad Request');
|
||||
echo 'Missing "from" parameter';
|
||||
if (!isset($GLOBALS['lastUrl']) || $GLOBALS['lastUrl'] == '') {
|
||||
header('HTTP/1.0 412 Precondition failed');
|
||||
echo 'Missing last URL in session';
|
||||
exit(5);
|
||||
}
|
||||
$from = $_GET['from'];
|
||||
$from = $GLOBALS['lastUrl'];
|
||||
|
||||
|
||||
if ($vs->hasVoted($bookmark, $user)) {
|
||||
|
|
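Review bot: `$from = $GLOBALS['lastUrl'];` takes the session-stored request URI as the redirect target with only an emptiness check at `if (!isset($GLOBALS['lastUrl']) || $GLOBALS['lastUrl'] == '')`, but the session value originates from the client's own REQUEST_URI, so the consumer should still verify it is a site-relative path before following it: `if (!isset($GLOBALS['lastUrl']) || !preg_match('#^/(?!/)#', $GLOBALS['lastUrl'])) {` keeps the existing 412 error path and rejects `//host/...` and scheme-prefixed values. The header('Location: ...') that consumes `$from` lies outside the hunk, so I cannot see whether any further normalisation happens there. Two smaller points: the file docblock still says "We do expect three parameters" although only type and bookmark id now come from the request and the third is session state, and 412 Precondition Failed is defined for conditional-request headers (If-Match etc.), so 400 or 409 describes a missing session value more accurately.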