maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

correctly redirect to last-page if session is timed out and remove passing script/qrystr url parameters

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2023-08-11 12:09:23 +02:00
parent 52a06bf806
commit fcfd44f726
6 changed files with 25 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
index.php
View File

@@ -434,8 +434,13 @@ if ($action == '2fa_entercode') {
if (isset($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") {
$lastqrystr = urlencode($_REQUEST['qrystr']);
}
$_SESSION['lastscript'] = $lastscript;
$_SESSION['lastqrystr'] = $lastqrystr;
if (!empty($lastscript)) {
$_SESSION['lastscript'] = $lastscript;
}
if (!empty($lastqrystr)) {
$_SESSION['lastqrystr'] = $lastqrystr;
}
UI::view('login/login.html.twig', [
'pagetitle' => 'Login',
@@ -634,7 +639,7 @@ if ($action == 'forgotpwd') {
UI::view('login/fpwd.html.twig', [
'pagetitle' => lng('login.presend'),
'formaction' => 'index.php?action='.$action,
'formaction' => 'index.php?action=' . $action,
'message' => $message,
]);
}
@@ -786,7 +791,7 @@ if ($action == 'll') {
function finishLogin($userinfo)
{
if (isset($userinfo['userid']) && $userinfo['userid'] != '') {
session_regenerate_id();
session_regenerate_id(true);
CurrentUser::setData($userinfo);
$language = $userinfo['def_language'] ?? Settings::Get('panel.standardlanguage');
@@ -800,7 +805,7 @@ function finishLogin($userinfo)
}
$qryparams = [];
if (isset($_SESSION['lastqrystr']) && !empty($_SESSION['lastqrystr'])) {
if (!empty($_SESSION['lastqrystr'])) {
parse_str(urldecode($_SESSION['lastqrystr']), $qryparams);
unset($_SESSION['lastqrystr']);
}
@@ -809,7 +814,7 @@ function finishLogin($userinfo)
if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
Response::redirectTo('admin_updates.php?page=overview');
} else {
if (isset($_SESSION['lastscript']) && !empty($_SESSION['lastscript'])) {
if (!empty($_SESSION['lastscript'])) {
$lastscript = $_SESSION['lastscript'];
unset($_SESSION['lastscript']);
if (preg_match("/customer\_/", $lastscript) === 1) {
@@ -824,7 +829,7 @@ function finishLogin($userinfo)
}
}
} else {
if (isset($_SESSION['lastscript']) && !empty($_SESSION['lastscript'])) {
if (!empty($_SESSION['lastscript'])) {
$lastscript = $_SESSION['lastscript'];
unset($_SESSION['lastscript']);
Response::redirectTo($lastscript, $qryparams);