From: <gi...@us...> - 2008-01-13 22:48:46
Revision: 4884 http://mantisbt.svn.sourceforge.net/mantisbt/?rev=4884&view=rev Author: giallu Date: 2008-01-13 14:48:44 -0800 (Sun, 13 Jan 2008) Log Message: ----------- Fix 3911: Mantis violates RFC2616 when redirecting Modified Paths: -------------- trunk/mantisbt/config_defaults_inc.php trunk/mantisbt/core/html_api.php trunk/mantisbt/core/print_api.php Modified: trunk/mantisbt/config_defaults_inc.php =================================================================== --- trunk/mantisbt/config_defaults_inc.php 2008-01-13 17:39:37 UTC (rev 4883) +++ trunk/mantisbt/config_defaults_inc.php 2008-01-13 22:48:44 UTC (rev 4884) @@ -1463,8 +1463,11 @@ # Redirections ########################### + # Default page after Login or Set Project + $g_default_home_page = 'my_view_page.php'; + # Specify where the user should be sent after logging out. - $g_logout_redirect_page = '%path%login_page.php'; + $g_logout_redirect_page = 'login_page.php'; ########################### # Headers @@ -1724,8 +1727,6 @@ # Toggle whether 'My View' boxes are shown in a fixed position (i.e. adjacent boxes start at the same vertical position) $g_my_view_boxes_fixed_position = ON; - # Default page after Login or Set Project - $g_default_home_page = 'my_view_page.php'; ###################### # RSS Feeds Modified: trunk/mantisbt/core/html_api.php =================================================================== --- trunk/mantisbt/core/html_api.php 2008-01-13 17:39:37 UTC (rev 4883) +++ trunk/mantisbt/core/html_api.php 2008-01-13 22:48:44 UTC (rev 4884) 
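Review bot: The comment above `$g_logout_redirect_page` does not say that the value is now relative to the `path` option. Judging by the print_api.php change in this commit, a site that still overrides it with the old `'%path%login_page.php'` form or a full URL would get the base path prepended to that string. The same would apply to `$g_default_home_page` if it is passed to the redirect helpers. I would extend the comment to `# Specify where the user should be sent after logging out. Relative to 'path': no %path% prefix, scheme or host.` and call the change out in the upgrade notes.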
@@ -246,6 +246,11 @@ # $p_time is the number of seconds to wait before redirecting. # If we have handled any errors on this page and the 'stop_on_errors' config # option is turned on, return false and don't redirect. + # + # @param string The page to redirect: has to be a relative path + # @param integer seconds to wait for before redirecting + # @param boolean apply string_sanitize_url to passed url + # @return boolean function html_meta_redirect( $p_url, $p_time = null, $p_sanitize = false ) { if ( ON == config_get( 'stop_on_errors' ) && error_handled() ) { return false; @@ -255,10 +260,12 @@ $p_time = current_user_get_pref( 'redirect_delay' ); } + + $t_url = config_get( 'path' ); if ( $p_sanitize ) { - $t_url = string_sanitize_url( $p_url ); + $t_url .= string_sanitize_url( $p_url ); } else { - $t_url = $p_url; + $t_url .= $p_url; } echo "\t<meta http-equiv=\"Refresh\" content=\"$p_time;URL=$t_url\" />\n"; Modified: trunk/mantisbt/core/print_api.php =================================================================== --- trunk/mantisbt/core/print_api.php 2008-01-13 17:39:37 UTC (rev 4883) +++ trunk/mantisbt/core/print_api.php 2008-01-13 22:48:44 UTC (rev 4884) @@ -42,6 +42,11 @@ # option is turned on, return false and don't redirect. # $p_sanitize - true/false - true in the case where the URL is extracted from GET/POST or untrusted source. # This would be false if the URL is trusted (e.g. read from config_inc.php). + # + # @param string The page to redirect: has to be a relative path + # @param boolean if true, stop the script after redirecting + # @param boolean apply string_sanitize_url to passed url + # @return boolean function print_header_redirect( $p_url, $p_die = true, $p_sanitize = false ) { $t_use_iis = config_get( 'use_iis'); 
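Review bot: The new `@param` lines omit the parameter names and leave out the one fact a caller needs to use the function safely: `$p_sanitize` defaults to `false`, so a URL taken from GET/POST is concatenated unchecked unless the caller opts in. The same docblock is added above `print_header_redirect` in print_api.php (`@@ -42,6 +42,11 @@`). I would write `# @param string $p_url page to redirect to, relative to the 'path' option (no scheme or host)` and `# @param boolean $p_sanitize pass true for any URL that comes from the request`. Both function bodies continue outside these hunks.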
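Review bot: On the `else` branch of `@@ -255,10 +260,12 @@`, `$p_url` is appended to `config_get( 'path' )` verbatim, so the "relative path" requirement is documented but never checked. A caller that still passes an absolute URL produces a malformed target, and any quote character in `$p_url` lands unescaped inside the `content="…"` attribute echoed below. Escaping at the output point would cover both branches, e.g. `$t_url = htmlspecialchars( $t_url, ENT_QUOTES );` just before the `echo`, assuming `string_sanitize_url` does not already HTML-encode its result (not visible here). print_api.php (`@@ -50,7 +55,8 @@`) concatenates the same way. `html_meta_redirect` continues past the end of this hunk.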
@@ -50,7 +55,8 @@ } # validate the url as part of this site before continuing - $t_url = $p_sanitize ? string_sanitize_url( $p_url ) : $p_url; + $t_url = config_get( 'path' ); + $t_url .= $p_sanitize ? string_sanitize_url( $p_url ) : $p_url; # don't send more headers if they have already been sent (guideweb) if ( ! headers_sent() ) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
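Review bot: The comment `# validate the url as part of this site before continuing` overstates what the two new lines do. Validation happens only when `$p_sanitize` is true, and with the default `false` the caller's string is simply appended to the base path. I would reword it to `# build the target under config 'path'; $p_url is validated only when $p_sanitize is true` so that nobody reading the function assumes the check is unconditional. The body of `print_header_redirect` continues after the hunk.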