login: switch to absolute redirect urls

This commit is contained in:
Andrew Dolgov 2019-03-04 20:38:39 +03:00
parent e8edad377a
commit 5b3a73e574
3 changed files with 11 additions and 3 deletions

View File

@ -623,7 +623,7 @@ class Handler_Public extends Handler {
} else {
$return = urlencode($_SERVER["REQUEST_URI"])
$return = urlencode(make_self_url());
?>
@ -712,7 +712,9 @@ class Handler_Public extends Handler {
user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
}
if (clean($_REQUEST['return'])) {
$return = clean($_REQUEST['return']);
if ($_REQUEST['return'] && mb_strpos($return, SELF_URL_PATH) === 0) {
header("Location: " . clean($_REQUEST['return']));
} else {
header("Location: " . get_self_url_prefix());

View File

@ -61,7 +61,7 @@ function bwLimitChange(elem) {
}
</script>
<?php $return = urlencode($_SERVER["REQUEST_URI"]) ?>
<?php $return = urlencode(make_self_url()) ?>
<div class="container">

View File

@ -14,6 +14,12 @@
* If you come crying when stuff inevitably breaks, you will be mocked and told
* to get out. */
function make_self_url() {
$proto = is_server_https() ? 'https' : 'http';
return $proto . '://' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
}
function make_self_url_path() {
$proto = is_server_https() ? 'https' : 'http';
$url_path = $proto . '://' . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);