LoginForm: add "redirect" POST field

Instead of blindly trusting the redirect parameter in the URL, this
creates a hidden form field and explicitly sets the form action
to the current URL without the redirect parameter.

refs #6584
Thomas Gelf 2014-08-19 09:30:54 +02:00
parent 3ccfbec53c
commit 1cffbc9034
1 changed files with 9 additions and 0 deletions


@ -5,6 +5,7 @@
namespace Icinga\Form\Authentication;
use Icinga\Web\Form;
use Icinga\Web\Url;
/**
* Class LoginForm
@ -16,12 +17,19 @@ class LoginForm extends Form
*/
protected function create()
{
$url = Url::fromRequest();
$this->setName('form_login');
$this->addElement('text', 'username', array(
'label' => t('Username'),
'placeholder' => t('Please enter your username...'),
'required' => true,
));
$redir = $this->addElement('hidden', 'redirect');
$redirectUrl = $url->shift('redirect');
if ($redirectUrl) {
$this->setDefault('redirect', $redirectUrl);
}
$this->addElement('password', 'password', array(
'label' => t('Password'),
@ -34,6 +42,7 @@ class LoginForm extends Form
} else {
$this->getElement('username')->setAttrib('class', 'autofocus');
}
$this->setAction((string) $url);
$this->setSubmitLabel('Login');
}
}
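Review bot: The value placed in the hidden field by `$this->setDefault('redirect', $redirectUrl)` is still client-controlled, because it is copied unchanged from the `redirect` query parameter returned by `$url->shift('redirect')`, and whoever submits the form can alter a hidden field anyway. Moving the target from the URL into POST therefore does not prevent an open redirect on its own; the code that consumes the field (not visible in this diff) has to accept only local paths and reject values carrying a scheme, a host or a leading `//`. I would state that above the `addElement('hidden', 'redirect')` call: `// 'redirect' is client-supplied; validate it as a local path before redirecting`. Separately, `$redir` is assigned but never read in the visible lines, so the call can be written as `$this->addElement('hidden', 'redirect');`.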