ENHANCEMENT: allow ChangePasswordForm to redirect to BackURL (from #5420) (from r103229)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112126 467b73ca-7a2a-4603-9d3b-597d59a354a9
Sam Minnee 2010-10-13 03:36:39 +00:00
parent 86fa92248a
commit 5cabd56ac6


@ -20,6 +20,12 @@ class ChangePasswordForm extends Form {
* form - a {@link FieldSet} of * form - a {@link FieldSet} of
*/ */
function __construct($controller, $name, $fields = null, $actions = null) { function __construct($controller, $name, $fields = null, $actions = null) {
if(isset($_REQUEST['BackURL'])) {
$backURL = $_REQUEST['BackURL'];
} else {
$backURL = Session::get('BackURL');
}
if(!$fields) { if(!$fields) {
$fields = new FieldSet(); $fields = new FieldSet();
if(Member::currentUser() && (!isset($_REQUEST['h']) || !Member::member_from_autologinhash($_REQUEST['h']))) { if(Member::currentUser() && (!isset($_REQUEST['h']) || !Member::member_from_autologinhash($_REQUEST['h']))) {
@ -35,6 +41,10 @@ class ChangePasswordForm extends Form {
); );
} }
if(isset($backURL)) {
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
}
parent::__construct($controller, $name, $fields, $actions); parent::__construct($controller, $name, $fields, $actions);
} }
@ -88,9 +98,19 @@ class ChangePasswordForm extends Form {
_t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."), _t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."),
"good"); "good");
Session::clear('AutoLoginHash'); Session::clear('AutoLoginHash');
$redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
Director::redirect($redirectURL); if (isset($_REQUEST['BackURL'])
&& $_REQUEST['BackURL']
// absolute redirection URLs may cause spoofing
&& Director::is_site_url($_REQUEST['BackURL'])
) {
Director::redirect($_REQUEST['BackURL']);
}
else {
// Redirect to default location - the login form saying "You are logged in as..."
$redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
Director::redirect($redirectURL);
}
} else { } else {
$this->clearMessage(); $this->clearMessage();
$this->sessionMessage( $this->sessionMessage(