author | Ted Trask <ttrask01@yahoo.com> | 2009-06-10 15:46:05 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-06-10 15:46:05 +0000 |
commit | e8cc4f1e257ba8ed3f6895d0b57d032e53d6542d (patch) | |
tree | 7217713698862c0e4e606e34ba3912c2b5390ea7 | |
parent | d8056b081fd3998e19242e3067786d6db4cf3f18 (diff) | |
Modified logonredirect to discard get/post data when the login redirect is not followed.
-rw-r--r-- | app/acf-util/logon-controller.lua | 8 | ||||
-rw-r--r-- | app/acf-util/logon-model.lua | 2 |
2 files changed, 9 insertions, 1 deletions
diff --git a/app/acf-util/logon-controller.lua b/app/acf-util/logon-controller.lua
index c8cd82a..d71d257 100644
--- a/app/acf-util/logon-controller.lua
+++ b/app/acf-util/logon-controller.lua
@@ -22,6 +22,7 @@ logon = function(self)
 local redir = cfe({ value=clientdata.redir or "/welcome/read", label="" })
 local cmdresult = cfe({ type="form", value={userid=userid, password=password, redir=redir}, label="Logon", option="Logon" })
 if clientdata.Logon then
+ local logonredirect = self.sessiondata.logonredirect
 local logon = self.model:logon(clientdata.userid, clientdata.password, conf.clientip, conf.sessiondir, sessiondata)
 -- If successful logon, redirect to welcome-page, otherwise try again
 if logon.value then
@@ -31,6 +32,13 @@ logon = function(self)
 end
 cmdresult = self:redirect_to_referrer(cmdresult)
 if logon.value then
+ -- only copy the logonredirect if redirecting to that page
+ if logonredirect and cmdresult.value.redir.value then
+ local prefix, controller, action = self.parse_path_info("/"..cmdresult.value.redir.value)
+ if logonredirect.action == action and logonredirect.controller == controller then
+ self.sessiondata.logonredirect = logonredirect
+ end
+ end
 redirect(self, cmdresult.value.redir.value)
 end
 else
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua
index 34aa46e..c110ee6 100644
--- a/app/acf-util/logon-model.lua
+++ b/app/acf-util/logon-model.lua
@@ -39,7 +39,7 @@ logon = function (self, userid, password, ip_addr, sessiondir, sessiondata)
 session.unlink_session(sessiondir, sessiondata.id)
 -- Clear the current session data
 for a,b in pairs(sessiondata) do
- if a ~= "id" and a ~= "logonredirect" then sessiondata[a] = nil end
+ if a ~= "id" then sessiondata[a] = nil end
 end
 --]]
 sessiondata.id = session.random_hash(512) |
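Review bot: The added `local logonredirect = self.sessiondata.logonredirect` has no comment saying why it must be read before `self.model:logon(...)`; the reason (the model now wipes every session key except `id`) is only visible in logon-model.lua. I would put `-- save logonredirect first: model:logon clears the session data` above it. The line reads `self.sessiondata` while the very next line passes bare `sessiondata`; if both name the same table, using one spelling would make that obvious to the reader. The body of `logon` starts and ends outside this hunk.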
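Review bot: `prefix` is returned by `self.parse_path_info` but never compared, so the saved `logonredirect` (which the commit message says carries get/post data) is re-attached whenever controller and action match, even if the target sits under a different prefix. The redirect target appears to originate from `clientdata.redir` (first hunk), so the saved request data should only be restored when the whole parsed path equals what was stored. If the saved record has a prefix field (not visible here), the test could become `if logonredirect.prefix == prefix and logonredirect.action == action and logonredirect.controller == controller then`. The comment could also state that a non-matching target intentionally drops the saved data. The enclosing function continues outside the hunk.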
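Review bot: The loop now depends on the caller to put `logonredirect` back, and the comment `-- Clear the current session data` does not say so; I would change it to `-- Clear everything except id; the caller restores logonredirect if it still applies`. The `--]]` two lines below suggests this loop may sit inside a `--[[` block whose opener is outside the hunk; if that block is currently disabled, nothing is cleared and the stored request data would survive logon regardless of the controller check, so that is worth confirming. `b` is unused in `for a,b in pairs(sessiondata)` and could be written `_`.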