author | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-27 19:58:54 +0000 |
---|---|---|
committer | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-27 19:58:54 +0000 |
commit | f24a387cc95661ed724d4a51651a96a0f1b8c488 (patch) | |
tree | 972c61dd832f597ae046f6cf0c4fb99e9ee77920 | |
parent | af157c6bb72518f8ee3096f6370c920ef9b965a3 (diff) | |
Move URL redirection from URL to session parameter
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@433 b3834d28-1941-0410-a4f8-b48e95affb8f
-rw-r--r-- | src/SemanticScuttle/functions.php | 7 | ||||
-rw-r--r-- | src/SemanticScuttle/header.php | 22 | ||||
-rw-r--r-- | www/vote.php | 14 |
3 files changed, 23 insertions, 20 deletions
diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php
index 8823752..c03b3e0 100644
--- a/src/SemanticScuttle/functions.php
+++ b/src/SemanticScuttle/functions.php
@@ -95,8 +95,6 @@ function createURL($page = '', $ending = '') {
 /**
  * Creates a "vote for/against this bookmark" URL.
  * Also runs htmlspecialchars() on them to prevent XSS.
- * We need to use ENT_QUOTES since otherwise we would not be
- * protected when the attribute is used in single quotes.
  *
  * @param boolean $for For the bookmark (true) or against (false)
  * @param integer $bId Bookmark ID
@@ -105,14 +103,11 @@ function createURL($page = '', $ending = '') {
  */
 function createVoteURL($for, $bId)
 {
-    //FIXME: we need a "current url" variable that is
-    //filled with a safe version of the current url.
-    //all this specialchars stuff is bit of a hack.
     return htmlspecialchars(
         createURL(
             'vote',
             ($for ? 'for' : 'against') . '/' . $bId
-        ) . '?from=' . urlencode($_SERVER['REQUEST_URI']),
+        ),
         ENT_QUOTES
     );
 }
diff --git a/src/SemanticScuttle/header.php b/src/SemanticScuttle/header.php
index 9615199..1b32643 100644
--- a/src/SemanticScuttle/header.php
+++ b/src/SemanticScuttle/header.php
@@ -1,5 +1,5 @@
 <?php
-if(!file_exists(dirname(__FILE__) .'/../../data/config.php')) {
+if (!file_exists(dirname(__FILE__) .'/../../data/config.php')) {
     die('Please copy "config.php.dist" to "config.php"');
 }
 set_include_path(
@@ -20,11 +20,12 @@ if (defined('UNIT_TEST_MODE')) {
     }
 }
-require_once 'SemanticScuttle/constants.php'; // some constants are based on variables from config file
+// some constants are based on variables from config file
+require_once 'SemanticScuttle/constants.php';
 // Debug Management using constants
-if(DEBUG_MODE) {
+if (DEBUG_MODE) {
     ini_set('display_errors', '1');
     ini_set('mysql.trace_mode', '1');
     error_reporting(E_ALL);
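Review bot: The link `createVoteURL` now builds is still a plain GET to `vote/for/<id>` or `vote/against/<id>` that changes server-side state, and nothing in it ties the request to the page or session it came from, so a third-party page embedding it (for example in an `<img src>`) can cast a vote with a logged-in user's session; the checks visible in `www/vote.php` (logged-on user, numeric id, session URL, `hasVoted`) include no such token, though code outside these hunks may. Consider appending a session-bound token to the generated URL, e.g. `. '?token=' . urlencode($_SESSION['voteToken'])`, and having `vote.php` reject the vote unless it matches, or turning the vote into a POST form. Dropping `?from=` does remove the caller-chosen redirect target from the link, which is an improvement; the `ENT_QUOTES` argument is still needed because the URL ends up inside HTML attributes, so the sentence explaining it that the first hunk deletes was worth keeping as `// ENT_QUOTES: the URL is also printed into single-quoted attributes`.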
@@ -34,7 +35,8 @@ if(DEBUG_MODE) {
     error_reporting(0);
 }
-// 2 // Second requirements part which could display bugs (must come after debug management)
+// 2 // Second requirements part which could display bugs
+// (must come after debug management)
 require_once 'SemanticScuttle/Service.php';
 require_once 'SemanticScuttle/DbService.php';
 require_once 'SemanticScuttle/Service/Factory.php';
@@ -50,20 +52,26 @@ require_once 'SemanticScuttle/utf8.php';
 require_once 'php-gettext/gettext.inc';
 $domain = 'messages';
 T_setlocale(LC_MESSAGES, $locale);
-T_bindtextdomain($domain, dirname(__FILE__) .'/locales');
+T_bindtextdomain($domain, dirname(__FILE__) . '/locales');
 T_bind_textdomain_codeset($domain, 'UTF-8');
 T_textdomain($domain);
 // 4 // Session
 if (!defined('UNIT_TEST_MODE')) {
     session_start();
+    if ($GLOBALS['enableVoting']) {
+        if (isset($_SESSION['lastUrl'])) {
+            $GLOBALS['lastUrl'] = $_SESSION['lastUrl'];
+        }
+        $_SESSION['lastUrl'] = $_SERVER['REQUEST_URI'];
+    }
 }
 // 5 // Create mandatory services and objects
-$userservice =SemanticScuttle_Service_Factory::get('User');
+$userservice = SemanticScuttle_Service_Factory::get('User');
 $currentUser = $userservice->getCurrentObjectUser();
-$templateservice =SemanticScuttle_Service_Factory::get('Template');
+$templateservice = SemanticScuttle_Service_Factory::get('Template');
 $tplVars = array();
 $tplVars['currentUser'] = $currentUser;
 $tplVars['userservice'] = $userservice;
diff --git a/www/vote.php b/www/vote.php
index 91f5c34..6dda31b 100644
--- a/www/vote.php
+++ b/www/vote.php
@@ -3,9 +3,9 @@
  * We do expect three parameters:
  * - type (for/against)
  * - bookmark id
- * - url we shall redirect to (?from=)
+ * - session needs to contain the URL last visited
  *
- * vote/for/123?from=xyz
+ * vote/for/123
  */
 require_once '../src/SemanticScuttle/header.php';
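Review bot: `$_SESSION['lastUrl'] = $_SERVER['REQUEST_URI'];` remembers the raw request-target of every request without looking at it, and `www/vote.php` later uses that value as `$from`; a request-target such as `//evil.example/x` (a valid path a user can be sent to with a crafted link) or an absolute-form request line would then make the post-vote redirect leave the site, if vote.php still passes `$from` to `header('Location: ...')` as the old `?from=` flow implied (the redirect itself is outside these hunks). Accept only a site-local path before storing it: `if (preg_match('#^/(?![/\\\\])#', $_SERVER['REQUEST_URI'])) {` / `    $_SESSION['lastUrl'] = $_SERVER['REQUEST_URI'];` / `}`. The vote request is itself recorded too, so two vote requests in a row (double click, back button) would hand the second one `/vote/...` as its return page rather than the page the user was reading; either skip the write for vote URLs here or have vote.php leave the stored value alone. A one-line comment above the block, such as `// Remember the previous request so vote.php can send the user back to it`, would make the two-step read-then-overwrite intent clear.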
@@ -21,7 +21,7 @@ $vs = SemanticScuttle_Service_Factory::get('Vote');
 if (!$us->isLoggedOn()) {
     header('HTTP/1.0 400 Bad Request');
-    echo 'need a logged on user';
+    echo 'You need to be logged on to vote.';
     exit(1);
 }
 $user = $us->getCurrentUser();
@@ -49,12 +49,12 @@ if (!is_numeric($bookmark)) {
 }
 $bookmark = (int)$bookmark;
-if (!isset($_GET['from']) || $_GET['from'] == '') {
-    header('HTTP/1.0 400 Bad Request');
-    echo 'Missing "from" parameter';
+if (!isset($GLOBALS['lastUrl']) || $GLOBALS['lastUrl'] == '') {
+    header('HTTP/1.0 412 Precondition failed');
+    echo 'Missing last URL in session';
     exit(5);
 }
-$from = $_GET['from'];
+$from = $GLOBALS['lastUrl'];
 if ($vs->hasVoted($bookmark, $user)) {
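Review bot: `$GLOBALS['lastUrl']` is only ever populated by header.php when `$GLOBALS['enableVoting']` is true, so with voting disabled this new guard answers every vote request with "Missing last URL in session" rather than saying voting is off; unless an `enableVoting` check sits above line 21 (not visible here), add one before this block, e.g. `if (empty($GLOBALS['enableVoting'])) { header('HTTP/1.0 403 Forbidden'); echo 'Voting is disabled.'; exit(6); }`. `header('HTTP/1.0 412 Precondition failed')` is also a doubtful status for missing session state: 412 is defined for failed conditional-request headers (If-Match and friends), so the previous 400 or a 409 fits better, and if 412 stays the reason phrase should be `Precondition Failed`. The comparison `$GLOBALS['lastUrl'] == ''` would read better as `=== ''`, since `isset` has already excluded null and the loose form invites the usual PHP `==` surprises. `$from` is consumed further down, outside this hunk, so whether it is validated before the redirect cannot be seen here.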