LoginForm: add "redirect" POST field

Instead of blindly trusting the redirect parameter in the URL, this
creates a hidden form field and explicitly sets the form action
to the current URL without the redirect parameter.

refs #6584
Thomas Gelf 2014-08-19 09:30:54 +02:00
parent 3ccfbec53c
commit 1cffbc9034


@ -5,6 +5,7 @@
namespace Icinga\Form\Authentication; namespace Icinga\Form\Authentication;
use Icinga\Web\Form; use Icinga\Web\Form;
use Icinga\Web\Url;
/** /**
* Class LoginForm * Class LoginForm
@ -16,12 +17,19 @@ class LoginForm extends Form
*/ */
protected function create() protected function create()
{ {
$url = Url::fromRequest();
$this->setName('form_login'); $this->setName('form_login');
$this->addElement('text', 'username', array( $this->addElement('text', 'username', array(
'label' => t('Username'), 'label' => t('Username'),
'placeholder' => t('Please enter your username...'), 'placeholder' => t('Please enter your username...'),
'required' => true, 'required' => true,
)); ));
$redir = $this->addElement('hidden', 'redirect');
$redirectUrl = $url->shift('redirect');
if ($redirectUrl) {
$this->setDefault('redirect', $redirectUrl);
}
$this->addElement('password', 'password', array( $this->addElement('password', 'password', array(
'label' => t('Password'), 'label' => t('Password'),
@ -34,6 +42,7 @@ class LoginForm extends Form
} else { } else {
$this->getElement('username')->setAttrib('class', 'autofocus'); $this->getElement('username')->setAttrib('class', 'autofocus');
} }
$this->setAction((string) $url);
$this->setSubmitLabel('Login'); $this->setSubmitLabel('Login');
} }
} }
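Review bot: The value returned by `$url->shift('redirect')` in the second hunk is still query-string input under the client's control, and it is copied into the hidden field with no check that it names a local path, so if the login controller later redirects to it (that code is not in this commit) moving the value from the URL into a POST field does not by itself remove an open-redirect exposure. Only accept relative same-site targets before calling setDefault, e.g. `if ($redirectUrl && parse_url($redirectUrl, PHP_URL_SCHEME) === null && parse_url($redirectUrl, PHP_URL_HOST) === null && strncmp($redirectUrl, '/\\', 2) !== 0) {` — `parse_url` already reports a host for `//host/path`, but the `/\host` form that browsers normalise to the same thing has to be rejected separately. Separately, `$redir` is assigned from `addElement('hidden', 'redirect')` and never read, so the assignment can be dropped, and the truthiness test silently discards a literal `'0'`; a comparison against the value `shift()` returns when the parameter is absent (presumably null) would be more precise.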