tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-28 16:24:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix too greedy __SELF__ login redirect on XHR

Browse Source 
I introduced this bug some commits earlier. We only must redirect to __SELF__ on XHR
if a redirect URL was set.

refs #8626
This commit is contained in:
Eric Lippmann 2015-03-12 00:57:03 +01:00
parent 2f752ed1ac
commit 749957c3b4
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
library/Icinga/Web/Controller/ActionController.php
View File

@ -295,9 +295,9 @@ class ActionController extends Zend_Controller_Action
/** /**
* Redirect to login * Redirect to login
* *
* XHR will always redirect to __SELF__. __SELF__ instructs JavaScript to redirect to the current window's URL * XHR will always redirect to __SELF__ if an URL to redirect to after successful login is set. __SELF__ instructs
* if it's an auto-refresh request or to redirect to the URL which required login if it's not an auto-refreshing * JavaScript to redirect to the current window's URL if it's an auto-refresh request or to redirect to the URL
* one. * which required login if it's not an auto-refreshing one.
* *
* XHR will respond with HTTP status code 403 Forbidden. * XHR will respond with HTTP status code 403 Forbidden.
* *
@ -307,7 +307,9 @@ class ActionController extends Zend_Controller_Action
{ {
$login = Url::fromPath('authentication/login'); $login = Url::fromPath('authentication/login');
if ($this->isXhr()) { if ($this->isXhr()) {
$login->setParam('redirect', '__SELF__'); if ($redirect !== null) {
$login->setParam('redirect', '__SELF__');
}
$this->_response->setHttpResponseCode(403); $this->_response->setHttpResponseCode(403);
} elseif ($redirect !== null) { } elseif ($redirect !== null) {
if (! $redirect instanceof Url) { if (! $redirect instanceof Url) {