fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-02 16:52:16 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix referer URL handling to account for member mid redirect

Browse source
This commit is contained in:
Kijin Sung 2023-06-20 20:32:03 +09:00
parent a9b3d99cf2
commit b2bc724715
3 changed files with 80 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

87
modules/member/member.view.php
View file

@ -47,7 +47,47 @@ class MemberView extends Member
}
/**
* Check redirect
* Check the referer for login and signup pages.
*/
public function checkRefererUrl()
{
// Get the referer URL from Context var or HTTP header.
$referer_url = Context::get('referer_url') ?: ($_SERVER['HTTP_REFERER'] ?? '');
// Check if the referer is an internal URL.
$is_valid_referer = !empty($referer_url) && Rhymix\Framework\URL::isInternalURL($referer_url);
// Check if the referer is the login or signup page, to prevent redirect loops.
if (preg_match('!\b(dispMemberLoginForm|dispMemberSignUpForm|dispMemberFindAccount|dispMemberResendAuthMail|procMember)!', $referer_url))
{
$is_valid_referer = false;
}
if (preg_match('!/(login|signup)\b!', $referer_url))
{
$is_valid_referer = false;
}
// Store valid referer info in the session.
if ($is_valid_referer)
{
return $_SESSION['member_auth_referer'] = $referer_url;
}
elseif (isset($_SESSION['member_auth_referer']))
{
return $_SESSION['member_auth_referer'];
}
elseif ($this->mid && !empty($this->member_config->mid) && $this->mid === $this->member_config->mid)
{
return getNotEncodedUrl('');
}
else
{
return getNotEncodedUrl('act', '');
}
}
/**
* Check redirect to member mid.
*/
public function checkMidAndRedirect()
{
@ -245,14 +285,24 @@ class MemberView extends Member
*/
function dispMemberSignUpForm()
{
//setcookie for redirect url in case of going to member sign up
setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER'], 0, '/', null, !!config('session.use_ssl_cookies'));
// Check referer URL
$referer_url = $this->checkRefererUrl();
$member_config = $this->member_config;
// Redirect to member mid if necessary.
if (!$this->checkMidAndRedirect())
{
return;
}
// Return to previous screen if already logged in.
if($this->user->isMember())
{
$this->setRedirectUrl($referer_url);
return;
}
// Get the member information if logged-in
if($this->user->member_srl) throw new Rhymix\Framework\Exception('msg_already_logged');
// call a trigger (before)
$member_config = $this->member_config;
$trigger_output = ModuleHandler::triggerCall('member.dispMemberSignUpForm', 'before', $member_config);
if(!$trigger_output->toBool()) return $trigger_output;
@ -710,25 +760,18 @@ class MemberView extends Member
*/
function dispMemberLoginForm()
{
// Get referer URL
$referer_url = Context::get('referer_url') ?: ($_SERVER['HTTP_REFERER'] ?? '');
$is_valid_referer = !empty($referer_url) && Rhymix\Framework\URL::isInternalURL($referer_url);
if (preg_match('!\b(dispMemberLoginForm|dispMemberSignUpForm|dispMemberFindAccount|dispMemberResendAuthMail|procMember)!', $referer_url))
{
$is_valid_referer = false;
}
if (preg_match('!/(login|signup)\b!', $referer_url))
{
$is_valid_referer = false;
}
if (!$is_valid_referer)
{
$referer_url = getNotEncodedUrl('act', '');
}
// Check referer URL
$referer_url = $this->checkRefererUrl();
Context::set('referer_url', $referer_url);
// Redirect to member mid if necessary.
if (!$this->checkMidAndRedirect())
{
return;
}
// Return to previous screen if already logged in.
if(Context::get('is_logged'))
if($this->user->isMember())
{
$this->setRedirectUrl($referer_url);
return;