From 903b7b6e680a008cd8c93719a1e7f71f3d1c34b0 Mon Sep 17 00:00:00 2001
From: Yorhel <git@yorhel.nl>
Date: Sun, 19 Jul 2015 02:46:30 +0200
Subject: Remove reliance on Referer header for the login form

---
 lib/VNDB/Handler/Users.pm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib/VNDB/Handler/Users.pm')

diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm
index cf55a605..87e9701b 100644
--- a/lib/VNDB/Handler/Users.pm
+++ b/lib/VNDB/Handler/Users.pm
@@ -154,6 +154,8 @@ sub login {
     return;
   }
 
+  my $ref = $self->formValidate({ param => 'ref', required => 0, default => '/'})->{ref};
+
   my $frm;
   if($self->reqMethod eq 'POST') {
     return if !$self->authCheckCode;
@@ -162,9 +164,6 @@ sub login {
       { post => 'usrpass', required => 1, minlength => 4, maxlength => 64, template => 'asciiprint' },
     );
 
-    my $b = $self->reqBaseURI();
-    (my $ref = $self->reqHeader('Referer')||'/') =~ s/^\Q$b//;
-    $ref = '/' if $ref =~ /^\/u\//;
     if(!$frm->{_err}) {
       return if $self->authLogin($frm->{usrname}, $frm->{usrpass}, $ref);
       $frm->{_err} = [ 'login_failed' ];
@@ -174,6 +173,7 @@ sub login {
 
   $self->htmlHeader(noindex => 1, title => mt '_login_title');
   $self->htmlForm({ frm => $frm, action => '/u/login' }, login => [ mt('_login_title'),
+    [ hidden => short => 'ref', value => $ref ],
     [ input  => short => 'usrname', name => mt '_login_username' ],
     [ static => content => '<a href="/u/register">'.mt('_login_register').'</a>' ],
     [ passwd => short => 'usrpass', name => mt '_login_password' ],
-- 
cgit v1.2.3