stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-04-23 22:19:17 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix for ticket #1039. The problem was, as Bryan76 pointed out, with passing the full url in the continue parameter. In the logout controller, we tried to get the item from the url so we could check the permission of the item to insure that the guest user had access. But url::get_item_from_url expects a relative url.

Browse Source
This commit is contained in:
Tim Almdal
2010-06-11 15:40:54 -07:00
parent bb35aefffb
commit bbbb35675a
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
modules/gallery/controllers/logout.php
View File

@@ -22,13 +22,16 @@ class Logout_Controller extends Controller {
access::verify_csrf();
auth::logout();
if ($continue_url = Input::instance()->get("continue")) {
$item = url::get_item_from_uri($continue_url);
$components = explode("/", parse_url($continue_url, PHP_URL_PATH), 4);
$item = url::get_item_from_uri($components[3]);
if (access::can("view", $item)) {
// Don't use url::redirect() because it'll call url::site() and munge the continue url.
header("Location: $continue_url");
header("Location: {$item->relative_url()}");
} else {
url::redirect(item::root()->abs_url());
}
} else {
url::redirect(item::root()->abs_url());
}
}
}