ENHANCEMENT: allow ChangePasswordForm to redirect to BackURL (from #5420)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103229 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Mateusz Uzdowski 2010-04-21 03:10:20 +00:00 committed by Sam Minnee
parent 20e348d573
commit a1dc52719c

View File

@ -20,6 +20,12 @@ class ChangePasswordForm extends Form {
* form - a {@link FieldSet} of
*/
function __construct($controller, $name, $fields = null, $actions = null) {
if(isset($_REQUEST['BackURL'])) {
$backURL = $_REQUEST['BackURL'];
} else {
$backURL = Session::get('BackURL');
}
if(!$fields) {
$fields = new FieldSet();
if(Member::currentUser() && (!isset($_REQUEST['h']) || !Member::member_from_autologinhash($_REQUEST['h']))) {
@ -35,6 +41,10 @@ class ChangePasswordForm extends Form {
);
}
if(isset($backURL)) {
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
}
parent::__construct($controller, $name, $fields, $actions);
}
@ -88,9 +98,19 @@ class ChangePasswordForm extends Form {
_t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."),
"good");
Session::clear('AutoLoginHash');
$redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
Director::redirect($redirectURL);
if (isset($_REQUEST['BackURL'])
&& $_REQUEST['BackURL']
// absolute redirection URLs may cause spoofing
&& Director::is_site_url($_REQUEST['BackURL'])
) {
Director::redirect($_REQUEST['BackURL']);
}
else {
// Redirect to default location - the login form saying "You are logged in as..."
$redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
Director::redirect($redirectURL);
}
} else {
$this->clearMessage();
$this->sessionMessage(