[BUGFIX] redirect to referrer when changing password
authorJigal van Hemert <jigal@xs4all.nl>
Sun, 1 Jan 2012 22:05:47 +0000 (23:05 +0100)
committerSteffen Ritter <info@rs-websystems.de>
Wed, 7 Mar 2012 19:43:21 +0000 (20:43 +0100)
The referrer and referrerDomains redirect options must be ignored after
changing the password, otherwise you would end up on the page where the
change password form was displayed (which shows an error message now).
An extra option to ignore the referrer redirects is introduced for this.

Change-Id: Iebb5cd67b5d04fe169bdc4d5ec7f9c025a1f7004
Fixes: #21943
Releases: 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/7647
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
typo3/sysext/felogin/pi1/class.tx_felogin_pi1.php

index ba497fc..20dec96 100644 (file)
@@ -316,7 +316,10 @@ class tx_felogin_pi1 extends tslib_pibase {
                                                $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_done_message', $this->conf['changePasswordDoneMessage_stdWrap.']);
                                                $done = TRUE;
                                                $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
-                                               $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', 1), array());
+                                               $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
+                                                       $this->pi_getLL('ll_forgot_header_backToLogin', '', 1),
+                                                       array($this->prefixId . '[redirectReferrer]' => 'off')
+                                               );
                                        }
                                }
 
@@ -518,6 +521,9 @@ class tx_felogin_pi1 extends tslib_pibase {
                        $referer = $this->referer ? $this->referer : t3lib_div::getIndpEnv('HTTP_REFERER');
                        if ($referer) {
                                $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
+                               if ($this->piVars['redirectReferrer'] === 'off') {
+                                       $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
+                               }
                        }
                }
 
@@ -621,15 +627,19 @@ class tx_felogin_pi1 extends tslib_pibase {
                                                        $redirect_url[] = $this->redirectUrl;
                                                break;
                                                case 'referer':
-                                                               // avoid forced logout, when trying to login immediatly after a logout
-                                                       $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
+                                                               // avoid redirect when logging in after changing password
+                                                       if ($this->piVars['redirectReferrer'] !== 'off') {
+                                                                       // avoid forced logout, when trying to login immediatly after a logout
+                                                               $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
+                                                       }
                                                break;
                                                case 'refererDomains':
                                                                // Auto redirect.
                                                                // Feature to redirect to the page where the user came from (HTTP_REFERER).
                                                                // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
                                                                // Thanks to plan2.net / Martin Kutschker for implementing this feature.
-                                                       if ($this->conf['domains']) {
+                                                               // also avoid redirect when logging in after changing password
+                                                       if ($this->conf['domains'] && $this->piVars['redirectReferrer'] !== 'off') {
                                                                $url = $this->referer;
                                                                        // is referring url allowed to redirect?
                                                                $match = array();
@@ -650,7 +660,7 @@ class tx_felogin_pi1 extends tslib_pibase {
                                                                        // Avoid forced logout, when trying to login immediatly after a logout
                                                                if ($url) {
                                                                        $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
-                                                       }
+                                                               }
                                                        }
                                                break;
                                        }