authorYorhel <git@yorhel.nl>2015-07-19 02:46:30 +0200
committerYorhel <git@yorhel.nl>2015-07-19 02:46:30 +0200
commit903b7b6e680a008cd8c93719a1e7f71f3d1c34b0 (patch)
treeda8f22f39996f82d1ed534005b3c04e7877d9e7a /lib
parentf5e7a629a85a3abda0bfe7ee81b8612409377056 (diff)
Remove reliance on Referer header for the login form
Diffstat (limited to 'lib')
-rw-r--r--lib/VNDB/Handler/Users.pm6
-rw-r--r--lib/VNDB/Util/LayoutHTML.pm7
2 files changed, 8 insertions, 5 deletions
diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm
index cf55a605..87e9701b 100644
--- a/lib/VNDB/Handler/Users.pm
+++ b/lib/VNDB/Handler/Users.pm
@@ -154,6 +154,8 @@ sub login {
return;
}
+ my $ref = $self->formValidate({ param => 'ref', required => 0, default => '/'})->{ref};
+
my $frm;
if($self->reqMethod eq 'POST') {
return if !$self->authCheckCode;
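Review bot: The `ref` value read on the added `formValidate` line comes straight from the request and is passed to `authLogin` further down with no check that it is a site-local path, so the post-login destination is whatever the link or form supplied. The removed code's `$ref = '/' if $ref =~ /^\/u\//;` guard (next hunk) is not carried over either. Assuming `authLogin` redirects to its third argument (its body is not visible here), constrain the value right after reading it, e.g. `$ref = '/' if $ref !~ m{^/(?![/\\])} || $ref =~ m{^/u/};`. The same `$ref` is echoed into the hidden form field in the third hunk, so validating once here covers both uses. `login`'s body starts and ends outside the hunk.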
@@ -162,9 +164,6 @@ sub login {
{ post => 'usrpass', required => 1, minlength => 4, maxlength => 64, template => 'asciiprint' },
);
- my $b = $self->reqBaseURI();
- (my $ref = $self->reqHeader('Referer')||'/') =~ s/^\Q$b//;
- $ref = '/' if $ref =~ /^\/u\//;
if(!$frm->{_err}) {
return if $self->authLogin($frm->{usrname}, $frm->{usrpass}, $ref);
$frm->{_err} = [ 'login_failed' ];
@@ -174,6 +173,7 @@ sub login {
$self->htmlHeader(noindex => 1, title => mt '_login_title');
$self->htmlForm({ frm => $frm, action => '/u/login' }, login => [ mt('_login_title'),
+ [ hidden => short => 'ref', value => $ref ],
[ input => short => 'usrname', name => mt '_login_username' ],
[ static => content => '<a href="/u/register">'.mt('_login_register').'</a>' ],
[ passwd => short => 'usrpass', name => mt '_login_password' ],
diff --git a/lib/VNDB/Util/LayoutHTML.pm b/lib/VNDB/Util/LayoutHTML.pm
index e9cc4c54..5bd55873 100644
--- a/lib/VNDB/Util/LayoutHTML.pm
+++ b/lib/VNDB/Util/LayoutHTML.pm
@@ -3,8 +3,9 @@ package VNDB::Util::LayoutHTML;
use strict;
use warnings;
-use TUWF ':html';
+use TUWF ':html', 'uri_escape';
use Exporter 'import';
+use Encode 'decode_utf8';
use VNDB::Func;
our @EXPORT = qw|htmlHeader htmlFooter|;
@@ -114,7 +115,9 @@ sub _menu {
} else {
h2 mt '_menu_user';
div;
- a href => '/u/login', mt '_menu_login'; br;
+ # XXX: Using %ENV here is ugly, this should be abstracted in TUWF.
+ my $ref = uri_escape '/'.$self->reqPath().($ENV{QUERY_STRING} ? '?'.decode_utf8($ENV{QUERY_STRING}) : '');
+ a href => "/u/login?ref=$ref", mt '_menu_login'; br;
a href => '/u/newpass', mt '_menu_newpass'; br;
a href => '/u/register', mt '_menu_register'; br;
end;
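Review bot: The value built on the `my $ref = uri_escape ...` line assumes `reqPath()` never returns a string with a leading slash; if it can, the result begins with `//`, which a browser resolves as scheme-relative rather than as a path on this site. Normalising before escaping removes that dependency, e.g. `(my $loc = '/'.$self->reqPath()) =~ s{^/+}{/};` followed by `my $ref = uri_escape $loc.($ENV{QUERY_STRING} ? '?'.decode_utf8($ENV{QUERY_STRING}) : '');`. The XXX comment could also record that the login handler must treat `ref` as untrusted input, since this menu link is not the only place the parameter can come from. `_menu`'s body starts and ends outside the hunk.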