From fbf9492b39641f0eef99c66b728c5d37e9bed932 Mon Sep 17 00:00:00 2001 From: Ted Trask Date: Wed, 13 Jan 2010 16:09:17 +0000 Subject: Fixed redirect bug caused by escape in HTTP_REFERER. --- app/acf_www-controller.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'app/acf_www-controller.lua') diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua index fdabc0b..9bdf798 100644 --- a/app/acf_www-controller.lua +++ b/app/acf_www-controller.lua @@ -526,7 +526,9 @@ redirect_to_referrer = function(self, result) self:redirect() end else - local prefix, controller, action = self.parse_path_info(ENV.HTTP_REFERER:gsub("%?.*", "")) + local p = ENV.HTTP_REFERER:gsub("%?.*", ""):gsub("%%(%x%x)", + function(h) return string.char(tonumber(h, 16)) end ) + local prefix, controller, action = self.parse_path_info(p) if prefix ~= self.conf.prefix or controller ~= self.conf.controller or action ~= self.conf.action then self.sessiondata[self.conf.action.."result"] = result error({type="redir_to_referrer"}) -- cgit v1.2.3