#54145 - move redirect parameter back to POST to avoid mod_security triggers

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10332 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 14:18:52 +00:00 · 2009-12-13 14:59:03 +00:00 · 2009-12-13 14:59:03 +00:00 · d096696ef2
commit d096696ef2
parent 321ec3644e
9 changed files with 10 additions and 4 deletions
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@ -117,6 +117,7 @@
 		<li>[Fix] Use correct options to parse BBCodes in signatures when previewing PMs.</li>
 		<li>[Fix] Correct rendering of prosilver quick reply under IE6. (Bug #54115 - Patch by Raimon)</li>
 		<li>[Fix] Handle export of private messages where all recipients were deleted. (Bug #50985)</li>
+		<li>[Change] Move redirect into a hidden field to avoid issues with mod_security. (Bug #54145)</li>
 		<li>[Change] Log activation through inactive users ACP. (Bug #30145)</li>
 		<li>[Change] Send time of last item instead of current time in ATOM Feeds. (Bug #53305)</li>
 		<li>[Change] Use em dash instead of hyphen/minus as separator in ATOM Feeds item statistics. (Bug #53565)</li>
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -4135,7 +4135,8 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		'S_FORUM_ID'			=> $forum_id,
 		'S_TOPIC_ID'			=> $topic_id,

-		'S_LOGIN_ACTION'		=> (!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') . '&amp;redirect=' . urlencode(str_replace('&amp;', '&', build_url())) : append_sid("index.$phpEx", false, true, $user->session_id) . '&amp;redirect=' . urlencode(str_replace('&amp;', '&', build_url())),
+		'S_LOGIN_ACTION'		=> ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id)),
+		'S_LOGIN_REDIRECT'		=> build_hidden_fields(array('redirect' => str_replace('&amp;', '&', build_url()))),                                                                                                                    

 		'S_ENABLE_FEEDS'			=> ($config['feed_enable']) ? true : false,
 		'S_ENABLE_FEEDS_FORUMS'		=> ($config['feed_overall_forums']) ? true : false,
--- a/phpBB/styles/prosilver/template/index_body.html
+++ b/phpBB/styles/prosilver/template/index_body.html
@ -24,6 +24,7 @@
 				| <label for="autologin">{L_LOG_ME_IN} <input type="checkbox" name="autologin" id="autologin" /></label>
 			<!-- ENDIF -->
 			<input type="submit" name="login" value="{L_LOGIN}" class="button2" />
+			{S_LOGIN_REDIRECT}
 		</fieldset>
 	</form>
 <!-- ENDIF -->
--- a/phpBB/styles/prosilver/template/login_body.html
+++ b/phpBB/styles/prosilver/template/login_body.html
@ -36,7 +36,7 @@
 			<dt>&nbsp;</dt>
 			<dd>{S_HIDDEN_FIELDS}<input type="submit" name="login" tabindex="6" value="{L_LOGIN}" class="button1" /></dd>
 		</dl>
-
+		{S_LOGIN_REDIRECT}
 		</fieldset>
 	</div>
 	<span class="corners-bottom"><span></span></span></div>
--- a/phpBB/styles/prosilver/template/viewforum_body.html
+++ b/phpBB/styles/prosilver/template/viewforum_body.html
@ -100,6 +100,7 @@
 					<dt>&nbsp;</dt>
 					<dd><input type="submit" name="login" tabindex="5" value="{L_LOGIN}" class="button1" /></dd>
 				</dl>
+				{S_LOGIN_REDIRECT}
 				</fieldset>
 			</div>

--- a/phpBB/styles/subsilver2/template/index_body.html
+++ b/phpBB/styles/subsilver2/template/index_body.html
@ -80,6 +80,7 @@
 		<td class="row1" align="center"><span class="genmed">{L_USERNAME}:</span> <input class="post" type="text" name="username" size="10" />&nbsp; <span class="genmed">{L_PASSWORD}:</span> <input class="post" type="password" name="password" size="10" />&nbsp; <!-- IF S_AUTOLOGIN_ENABLED --> <span class="gensmall">{L_LOG_ME_IN}</span> <input type="checkbox" class="radio" name="autologin" /><!-- ENDIF -->&nbsp; <input type="submit" class="btnmain" name="login" value="{L_LOGIN}" /></td>
 	</tr>
 	</table>
+	{S_LOGIN_REDIRECT}
 	{S_FORM_TOKEN}
 	</form>
 <!-- ENDIF -->
--- a/phpBB/styles/subsilver2/template/login_body.html
+++ b/phpBB/styles/subsilver2/template/login_body.html
@ -77,7 +77,7 @@
 </tr>
 </table>
 {S_FORM_TOKEN}
-
+{S_LOGIN_REDIRECT}
 </form>

 <br clear="all" />
--- a/phpBB/styles/subsilver2/template/login_forum.html
+++ b/phpBB/styles/subsilver2/template/login_forum.html
@ -32,6 +32,7 @@
 	</tr>
 	</table>
 	{S_FORM_TOKEN}
+	{S_LOGIN_REDIRECT}
 	</form>

 </div>
--- a/phpBB/styles/subsilver2/template/viewforum_body.html
+++ b/phpBB/styles/subsilver2/template/viewforum_body.html
@ -125,7 +125,7 @@
 			<td class="row1" align="center"><span class="genmed">{L_USERNAME}:</span> <input class="post" type="text" name="username" size="10" />&nbsp; <span class="genmed">{L_PASSWORD}:</span> <input class="post" type="password" name="password" size="10" /><!-- IF S_AUTOLOGIN_ENABLED -->&nbsp; <span class="gensmall">{L_LOG_ME_IN}</span> <input type="checkbox" class="radio" name="autologin" /><!-- ENDIF -->&nbsp; <input type="submit" class="btnmain" name="login" value="{L_LOGIN}" /></td>
 		</tr>
 		</table>
-
+		{S_LOGIN_REDIRECT}
 		</form>

 	<!-- ENDIF -->