ENHANCEMENT: allow ChangePasswordForm to redirect to BackURL (from #5420)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103229 467b73ca-7a2a-4603-9d3b-597d59a354a9
parent
20e348d573
commit
a1dc52719c
@ -20,6 +20,12 @@ class ChangePasswordForm extends Form {
|
||||
* form - a {@link FieldSet} of
|
||||
*/
|
||||
function __construct($controller, $name, $fields = null, $actions = null) {
|
||||
if(isset($_REQUEST['BackURL'])) {
|
||||
$backURL = $_REQUEST['BackURL'];
|
||||
} else {
|
||||
$backURL = Session::get('BackURL');
|
||||
}
|
||||
|
||||
if(!$fields) {
|
||||
$fields = new FieldSet();
|
||||
if(Member::currentUser() && (!isset($_REQUEST['h']) || !Member::member_from_autologinhash($_REQUEST['h']))) {
|
||||
@ -35,6 +41,10 @@ class ChangePasswordForm extends Form {
|
||||
);
|
||||
}
|
||||
|
||||
if(isset($backURL)) {
|
||||
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
|
||||
}
|
||||
|
||||
parent::__construct($controller, $name, $fields, $actions);
|
||||
}
|
||||
|
||||
@ -88,9 +98,19 @@ class ChangePasswordForm extends Form {
|
||||
_t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."),
|
||||
"good");
|
||||
Session::clear('AutoLoginHash');
|
||||
$redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
|
||||
Director::redirect($redirectURL);
|
||||
|
||||
|
||||
if (isset($_REQUEST['BackURL'])
|
||||
&& $_REQUEST['BackURL']
|
||||
// absolute redirection URLs may cause spoofing
|
||||
&& Director::is_site_url($_REQUEST['BackURL'])
|
||||
) {
|
||||
Director::redirect($_REQUEST['BackURL']);
|
||||
}
|
||||
else {
|
||||
// Redirect to default location - the login form saying "You are logged in as..."
|
||||
$redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
|
||||
Director::redirect($redirectURL);
|
||||
}
|
||||
} else {
|
||||
$this->clearMessage();
|
||||
$this->sessionMessage(
|
||||
|
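Review bot: The `Director::is_site_url()` guard is applied only at redirect time in the third hunk, while the constructor in the first hunk copies `$_REQUEST['BackURL']` unchecked into `$backURL` and from there into the `HiddenField`. An off-site request value therefore shadows a valid `Session::get('BackURL')` and is round-tripped through the form before being rejected on submit; applying the same test up front, `if(isset($_REQUEST['BackURL']) && Director::is_site_url($_REQUEST['BackURL'])) {`, would let the session fallback apply and keep untrusted URLs out of the rendered form. The redirect's safety rests entirely on `is_site_url()`, whose body is not visible here, so it is worth confirming with a unit test that it rejects scheme-relative values as well as absolute ones. The inline comment could also name the actual risk, e.g. `// only follow BackURL when it stays on this site, otherwise this becomes an open redirect`. Both the constructor and the password-change handler continue outside the hunks shown.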