View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000085 | Main CAcert Website | website content | public | 2005-11-21 21:40 | 2013-01-13 15:36 |
| Reporter | Sourcerer | Assigned To | duane | ||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 2005 | ||||
| Summary | 0000085: Login Redirect broken | ||||
| Description | When the people receive a deep URL per Email (or somehow else), for example https://www.cacert.org/gpg.php?id=3&cert=2543 and they are not logged in yet, then they are sent to the login page. When they are sent back, they are being sent to account.php with the old parameters, which breaks the system, when the link was to anything else than account.php (gpg.php as in the example above). The resulting URL is https://www.cacert.org/account.php?id=3&cert=2543 which is something completely different. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
|
2005-11-21 21:41
|
loggedin.patch (844 bytes)
--- loggedin.php.orig 2005-11-21 11:31:14.000000000 +0100
+++ loggedin.php 2005-11-21 11:32:36.000000000 +0100
@@ -42,7 +42,7 @@
$_SESSION['_config']['oldlocation'] .= "$key=$val";
}
- $_SESSION['_config']['oldlocation'] = "account.php?".$_SESSION['_config']['oldlocation'];
+ $_SESSION['_config']['oldlocation'] = $_SERVER[SCRIPT_NAME]."?".$_SESSION['_config']['oldlocation'];
header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
exit;
@@ -100,7 +100,7 @@
$_SESSION['_config']['oldlocation'] .= "$key=$val";
}
- $_SESSION['_config']['oldlocation'] = "account.php?".$_SESSION['_config']['oldlocation'];
+ $_SESSION['_config']['oldlocation'] = $_SERVER[SCRIPT_NAME]."?".$_SESSION['_config']['oldlocation'];
header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
exit;
|
|
|
implemented but replaced $_SERVER[SCRIPT_NAME] with substr($_SERVER['SCRIPT_NAME'], 1) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2005-11-21 21:40 | Sourcerer | New Issue | |
| 2005-11-21 21:41 | Sourcerer | File Added: loggedin.patch | |
| 2005-11-22 20:13 | duane | Status | new => solved? |
| 2005-11-22 20:13 | duane | Resolution | open => fixed |
| 2005-11-22 20:13 | duane | Assigned To | => duane |
| 2005-11-22 20:13 | duane | Note Added: 0000027 | |
| 2005-11-22 20:13 | duane | Note Edited: 0000027 | |
| 2005-11-22 21:00 | duane | Status | solved? => closed |
| 2005-11-22 21:00 | duane | Fixed in Version | => production |
| 2013-01-13 15:36 | Werner Dworak | Fixed in Version | => 2005 |
