How forms are being validated should not be a task that is part of the
controller action, but should be handled by the form base class as it is
most of the time the same procedure. Now a controller action just sets
up the form to use, calls handleRequest() and acts upon its return value.
(e.g. calling handleRequest() from another form or any redirection)
refs #5525
It is not sufficient to just check whether all required elements are being
submitted. We definetely need to check whether the submit button was
pressed. But doing this and providing a standard button with a static name
simultaneously will produce conflicts if forms are using the same action
urls. To fix this, we'll add an additional form-identification check by using
a form's name or class.
refs #5525
The redirectOnLogin function now doesn't have any predefined default.
This also leads to the behaviour that "Logout" will not redirect you
anywhere on a new login while "forcibly being logged out" (e.g. by
logging out in another browser tab) will bring you back to where you
came from.
...once you lost your session. That's the only way to do this in a
smooth way. When the server get's an unauthenticated request for a
single container, redirecting to auth/login?redir=<that-container>
was not what you expect.
Together with JS handling __SELF__ in redirection URLs this will
play fine.
refs #6935
One might not expect to get a URL with params separated by & while
this is the correct way of writing them to HTML attributes. So default
behaviour is right now that all functions return URL params separated
by &, but if you cast a URL (or it's params) to a string, & will be
used.
Additionally there are toString functions allowing you to choose the
separator "manually".
refs #6699
This function had an interesting history and seems to be a result of
missunderstanding of each others commits. Removed, as the fragment is
already there.
refs #6699
Setting an url with parameters named like form elements in a form with
method POST causes Zend to ignore any POST data because GET will be
processed with higher priority.
fixes#6806
This reverts commit 64954e99244f26cc6b6dccc7d60a253c105bd550.
If the strip_username_regex is configured on the autologin backend and applies on a user's name,
the authenticated user's username does never match the REMOTE_USER server variable.
Thus the application will logout/login on every request which results in a redirect loop.
refs #6462
Remove methods from manager because autologin
is now handled with special backends (AutoLoginBackend).
The session is used to store the status about a remote
user authentication to send a 401 header to the client
upon logout.
refs #6461
