-rw-r--r--src/SemanticScuttle/functions.php7
-rw-r--r--src/SemanticScuttle/header.php22
-rw-r--r--www/vote.php14
3 files changed, 23 insertions, 20 deletions
diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php
index 8823752..c03b3e0 100644
--- a/src/SemanticScuttle/functions.php
+++ b/src/SemanticScuttle/functions.php
@@ -95,8 +95,6 @@ function createURL($page = '', $ending = '') {
/**
* Creates a "vote for/against this bookmark" URL.
* Also runs htmlspecialchars() on them to prevent XSS.
- * We need to use ENT_QUOTES since otherwise we would not be
- * protected when the attribute is used in single quotes.
*
* @param boolean $for For the bookmark (true) or against (false)
* @param integer $bId Bookmark ID
@@ -105,14 +103,11 @@ function createURL($page = '', $ending = '') {
*/
function createVoteURL($for, $bId)
{
- //FIXME: we need a "current url" variable that is
- //filled with a safe version of the current url.
- //all this specialchars stuff is bit of a hack.
return htmlspecialchars(
createURL(
'vote',
($for ? 'for' : 'against') . '/' . $bId
- ) . '?from=' . urlencode($_SERVER['REQUEST_URI']),
+ ),
ENT_QUOTES
);
}
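Review bot: With the `?from=` part gone, `$bId` is the only caller-supplied value left in the URL, and the function still interpolates it without enforcing the integer type its docblock promises; `htmlspecialchars()` only protects the HTML attribute context, not the URL path structure, so a non-numeric value would still change the generated path. A one-line cast at the top of the function, `$bId = (int) $bId;`, would make the docblock's `integer $bId` contract real before the string is built. The previous hunk also dropped the comment explaining why `ENT_QUOTES` is passed while the flag itself remains on the `htmlspecialchars()` call; I would keep a short rationale such as `// ENT_QUOTES: the URL may be placed in a single-quoted attribute` so the next maintainer does not remove the flag as unnecessary.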
diff --git a/src/SemanticScuttle/header.php b/src/SemanticScuttle/header.php
index 9615199..1b32643 100644
--- a/src/SemanticScuttle/header.php
+++ b/src/SemanticScuttle/header.php
@@ -1,5 +1,5 @@
<?php
-if(!file_exists(dirname(__FILE__) .'/../../data/config.php')) {
+if (!file_exists(dirname(__FILE__) .'/../../data/config.php')) {
die('Please copy "config.php.dist" to "config.php"');
}
set_include_path(
@@ -20,11 +20,12 @@ if (defined('UNIT_TEST_MODE')) {
}
}
-require_once 'SemanticScuttle/constants.php'; // some constants are based on variables from config file
+// some constants are based on variables from config file
+require_once 'SemanticScuttle/constants.php';
// Debug Management using constants
-if(DEBUG_MODE) {
+if (DEBUG_MODE) {
ini_set('display_errors', '1');
ini_set('mysql.trace_mode', '1');
error_reporting(E_ALL);
@@ -34,7 +35,8 @@ if(DEBUG_MODE) {
error_reporting(0);
}
-// 2 // Second requirements part which could display bugs (must come after debug management)
+// 2 // Second requirements part which could display bugs
+// (must come after debug management)
require_once 'SemanticScuttle/Service.php';
require_once 'SemanticScuttle/DbService.php';
require_once 'SemanticScuttle/Service/Factory.php';
@@ -50,20 +52,26 @@ require_once 'SemanticScuttle/utf8.php';
require_once 'php-gettext/gettext.inc';
$domain = 'messages';
T_setlocale(LC_MESSAGES, $locale);
-T_bindtextdomain($domain, dirname(__FILE__) .'/locales');
+T_bindtextdomain($domain, dirname(__FILE__) . '/locales');
T_bind_textdomain_codeset($domain, 'UTF-8');
T_textdomain($domain);
// 4 // Session
if (!defined('UNIT_TEST_MODE')) {
session_start();
+ if ($GLOBALS['enableVoting']) {
+ if (isset($_SESSION['lastUrl'])) {
+ $GLOBALS['lastUrl'] = $_SESSION['lastUrl'];
+ }
+ $_SESSION['lastUrl'] = $_SERVER['REQUEST_URI'];
+ }
}
// 5 // Create mandatory services and objects
-$userservice =SemanticScuttle_Service_Factory::get('User');
+$userservice = SemanticScuttle_Service_Factory::get('User');
$currentUser = $userservice->getCurrentObjectUser();
-$templateservice =SemanticScuttle_Service_Factory::get('Template');
+$templateservice = SemanticScuttle_Service_Factory::get('Template');
$tplVars = array();
$tplVars['currentUser'] = $currentUser;
$tplVars['userservice'] = $userservice;
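Review bot: The new block stores `$_SERVER['REQUEST_URI']` in the session verbatim, and www/vote.php on this page later reads it back as `$from` via `$GLOBALS['lastUrl']`, presumably as a redirect target (the redirect itself is outside the visible hunks). `REQUEST_URI` reflects the client's request line, so a value beginning with `//` would read as a protocol-relative URL if it ever reaches a `Location:` header; validating it before storing, e.g. `$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';` followed by `if (substr($uri, 0, 1) === '/' && substr($uri, 0, 2) !== '//') { $_SESSION['lastUrl'] = $uri; }`, keeps only same-site paths in the session. `$GLOBALS['enableVoting']` is also read without an `isset()`, so an installation whose config.php predates the option would emit a notice on every request; `!empty($GLOBALS['enableVoting'])` avoids that. Note too that every request passing through header.php overwrites `lastUrl`, so `$from` on the vote page is whatever request immediately preceded it, which may not be the page the user was viewing if other requests go through this header.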
diff --git a/www/vote.php b/www/vote.php
index 91f5c34..6dda31b 100644
--- a/www/vote.php
+++ b/www/vote.php
@@ -3,9 +3,9 @@
* We do expect three parameters:
* - type (for/against)
* - bookmark id
- * - url we shall redirect to (?from=)
+ * - session needs to contain the URL last visited
*
- * vote/for/123?from=xyz
+ * vote/for/123
*/
require_once '../src/SemanticScuttle/header.php';
@@ -21,7 +21,7 @@ $vs = SemanticScuttle_Service_Factory::get('Vote');
if (!$us->isLoggedOn()) {
header('HTTP/1.0 400 Bad Request');
- echo 'need a logged on user';
+ echo 'You need to be logged on to vote.';
exit(1);
}
$user = $us->getCurrentUser();
@@ -49,12 +49,12 @@ if (!is_numeric($bookmark)) {
}
$bookmark = (int)$bookmark;
-if (!isset($_GET['from']) || $_GET['from'] == '') {
- header('HTTP/1.0 400 Bad Request');
- echo 'Missing "from" parameter';
+if (!isset($GLOBALS['lastUrl']) || $GLOBALS['lastUrl'] == '') {
+ header('HTTP/1.0 412 Precondition failed');
+ echo 'Missing last URL in session';
exit(5);
}
-$from = $_GET['from'];
+$from = $GLOBALS['lastUrl'];
if ($vs->hasVoted($bookmark, $user)) {