Fossil SCM
Add the cgi_referer() utility function. Use it to cause the setup_uedit page to always go back to the page it came from.
Commit
59a51b8267da45846820295f3148b6faa1692e331910706c481dc68fc5925c6e
Parent
564e42dfe577d60…
2 files changed
+14
+10
-6
+14
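--- a/src/cgi.c
+++ b/src/cgi.c
@@ -437,10 +437,24 @@
 va_list ap;
 va_start(ap, zFormat);
 cgi_redirect(vmprintf(zFormat, ap));
 va_end(ap);
 }
+
+/*
+** Return the URL for the caller. This is obtained from either the
+** referer CGI parameter, if it exists, or the HTTP_REFERER HTTP parameter.
+** If neither exist, return zDefault.
+*/
+const char *cgi_referer(const char *zDefault){
+ const char *zRef = P("referer");
+ if( zRef==0 ){
+ zRef = P("HTTP_REFERER");
+ if( zRef==0 ) zRef = zDefault;
+ }
+ return zRef;
+}
 
 /*
 ** Information about all query parameters and cookies are stored
 ** in these variables.
 */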
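Review bot: cgi_referer() returns a request-supplied string unchanged: both P("referer") and P("HTTP_REFERER") come from the client, and nothing in the function checks that the value points back into this site. The src/setup.c hunks of this commit pass the result straight to cgi_redirect() and into link targets, so the user-edit page can send the browser to an arbitrary URL after save or cancel. The function should fall back to zDefault unless the value is a same-site URL (compared with the server's own base URL, which is not visible in this hunk), and the header comment should record that, for example `** The value is taken from the request and is untrusted; off-site URLs are replaced by zDefault.` Whether cgi_redirect() filters its argument cannot be seen from here.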
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -437,10 +437,24 @@ | |
| 437 | va_list ap; |
| 438 | va_start(ap, zFormat); |
| 439 | cgi_redirect(vmprintf(zFormat, ap)); |
| 440 | va_end(ap); |
| 441 | } |
| 442 | |
| 443 | /* |
| 444 | ** Information about all query parameters and cookies are stored |
| 445 | ** in these variables. |
| 446 | */ |
| 447 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -437,10 +437,24 @@ | |
| 437 | va_list ap; |
| 438 | va_start(ap, zFormat); |
| 439 | cgi_redirect(vmprintf(zFormat, ap)); |
| 440 | va_end(ap); |
| 441 | } |
| 442 | |
| 443 | /* |
| 444 | ** Return the URL for the caller. This is obtained from either the |
| 445 | ** referer CGI parameter, if it exists, or the HTTP_REFERER HTTP parameter. |
| 446 | ** If neither exist, return zDefault. |
| 447 | */ |
| 448 | const char *cgi_referer(const char *zDefault){ |
| 449 | const char *zRef = P("referer"); |
| 450 | if( zRef==0 ){ |
| 451 | zRef = P("HTTP_REFERER"); |
| 452 | if( zRef==0 ) zRef = zDefault; |
| 453 | } |
| 454 | return zRef; |
| 455 | } |
| 456 | |
| 457 | /* |
| 458 | ** Information about all query parameters and cookies are stored |
| 459 | ** in these variables. |
| 460 | */ |
| 461 |
+10
-6
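--- a/src/setup.c
+++ b/src/setup.c
@@ -440,11 +440,11 @@
 higherUser = zOldCaps && strchr(zOldCaps,'s');
 }
 
 if( P("can") ){
 /* User pressed the cancel button */
- cgi_redirect("setup_ulist");
+ cgi_redirect(cgi_referer("setup_ulist"));
 return;
 }
 
 /* If we have all the necessary information, write the new or
 ** modified user record. After writing the user record, redirect
@@ -467,11 +467,12 @@
 zLogin = P("login");
 if( strlen(zLogin)==0 ){
 style_header("User Creation Error");
 @ <span class="loginError">Empty login not allowed.</span>
 @
- @ <p><a href="setup_uedit?id=%d(uid)">[Bummer]</a></p>
+ @ <p><a href="setup_uedit?id=%d(uid)&referer=%T(cgi_referer("setup_ulist"))">
+ @ [Bummer]</a></p>
 style_footer();
 return;
 }
 if( isValidPwString(zPw) ){
 zPw = sha1_shared_secret(zPw, zLogin, 0);
@@ -482,11 +483,12 @@
 if( db_exists("SELECT 1 FROM user WHERE login=%Q AND uid!=%d", zLogin, uid) ){
 style_header("User Creation Error");
 @ <span class="loginError">Login "%h(zLogin)" is already used by
 @ a different user.</span>
 @
- @ <p><a href="setup_uedit?id=%d(uid)">[Bummer]</a></p>
+ @ <p><a href="setup_uedit?id=%d(uid)&referer=%T(cgi_referer("setup_ulist"))">
+ @ [Bummer]</a></p>
 style_footer();
 return;
 }
 login_verify_csrf_secret();
 db_multi_exec(
@@ -527,16 +529,17 @@
 if( zErr ){
 style_header("User Change Error");
 admin_log( "Error updating user '%q': %s'.", zLogin, zErr );
 @ <span class="loginError">%h(zErr)</span>
 @
- @ <p><a href="setup_uedit?id=%d(uid)">[Bummer]</a></p>
+ @ <p><a href="setup_uedit?id=%d(uid)&referer=%T(cgi_referer("setup_ulist"))">
+ @ [Bummer]</a></p>
 style_footer();
 return;
 }
 }
- cgi_redirect("setup_ulist");
+ cgi_redirect(cgi_referer("setup_ulist"));
 return;
 }
 
 /* Load the existing information about the user, if any
 */
@@ -595,11 +598,11 @@
 free(z2);
 }
 
 /* Begin generating the page
 */
- style_submenu_element("Cancel", "setup_ulist");
+ style_submenu_element("Cancel", cgi_referer("setup_ulist"));
 if( uid ){
 style_header("Edit User %h", zLogin);
 }else{
 style_header("Add A New User");
 }
@@ -609,10 +612,11 @@
 if( login_is_special(zLogin) ){
 @ <input type="hidden" name="login" value="%s(zLogin)">
 @ <input type="hidden" name="info" value="">
 @ <input type="hidden" name="pw" value="*">
 }
+ @ <input type="hidden" name="referer" value="%h(cgi_referer("setup_ulist"))">
 @ <script>
 @ function updateCapabilityString(){
 @ /*
 @ ** This function updates the "#usetupEditCapability" span content
 @ ** with the capabilities selected by the interactive user, based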
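Review bot: cgi_referer("setup_ulist") is evaluated seven times across these hunks and feeds four kinds of sink: the two cgi_redirect() calls, the three [Bummer] hrefs via %T, the Cancel entry passed to style_submenu_element(), and the hidden referer input via %h. Computing it once near the top of the function, `const char *zRef = cgi_referer("setup_ulist");`, and using zRef everywhere would give one place to reject an off-site or non-http(s) value before any of those uses. HTML or URL escaping at the sinks does not constrain where the Cancel link or the redirects point. As far as these hunks show, the cancel branch redirects before the login_verify_csrf_secret() call in the third hunk, so that path has no request check ahead of the redirect. The enclosing function begins and ends outside the hunks, so the right spot for the declaration is not visible here.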
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -440,11 +440,11 @@ | |
| 440 | higherUser = zOldCaps && strchr(zOldCaps,'s'); |
| 441 | } |
| 442 | |
| 443 | if( P("can") ){ |
| 444 | /* User pressed the cancel button */ |
| 445 | cgi_redirect("setup_ulist"); |
| 446 | return; |
| 447 | } |
| 448 | |
| 449 | /* If we have all the necessary information, write the new or |
| 450 | ** modified user record. After writing the user record, redirect |
| @@ -467,11 +467,12 @@ | |
| 467 | zLogin = P("login"); |
| 468 | if( strlen(zLogin)==0 ){ |
| 469 | style_header("User Creation Error"); |
| 470 | @ <span class="loginError">Empty login not allowed.</span> |
| 471 | @ |
| 472 | @ <p><a href="setup_uedit?id=%d(uid)">[Bummer]</a></p> |
| 473 | style_footer(); |
| 474 | return; |
| 475 | } |
| 476 | if( isValidPwString(zPw) ){ |
| 477 | zPw = sha1_shared_secret(zPw, zLogin, 0); |
| @@ -482,11 +483,12 @@ | |
| 482 | if( db_exists("SELECT 1 FROM user WHERE login=%Q AND uid!=%d", zLogin, uid) ){ |
| 483 | style_header("User Creation Error"); |
| 484 | @ <span class="loginError">Login "%h(zLogin)" is already used by |
| 485 | @ a different user.</span> |
| 486 | @ |
| 487 | @ <p><a href="setup_uedit?id=%d(uid)">[Bummer]</a></p> |
| 488 | style_footer(); |
| 489 | return; |
| 490 | } |
| 491 | login_verify_csrf_secret(); |
| 492 | db_multi_exec( |
| @@ -527,16 +529,17 @@ | |
| 527 | if( zErr ){ |
| 528 | style_header("User Change Error"); |
| 529 | admin_log( "Error updating user '%q': %s'.", zLogin, zErr ); |
| 530 | @ <span class="loginError">%h(zErr)</span> |
| 531 | @ |
| 532 | @ <p><a href="setup_uedit?id=%d(uid)">[Bummer]</a></p> |
| 533 | style_footer(); |
| 534 | return; |
| 535 | } |
| 536 | } |
| 537 | cgi_redirect("setup_ulist"); |
| 538 | return; |
| 539 | } |
| 540 | |
| 541 | /* Load the existing information about the user, if any |
| 542 | */ |
| @@ -595,11 +598,11 @@ | |
| 595 | free(z2); |
| 596 | } |
| 597 | |
| 598 | /* Begin generating the page |
| 599 | */ |
| 600 | style_submenu_element("Cancel", "setup_ulist"); |
| 601 | if( uid ){ |
| 602 | style_header("Edit User %h", zLogin); |
| 603 | }else{ |
| 604 | style_header("Add A New User"); |
| 605 | } |
| @@ -609,10 +612,11 @@ | |
| 609 | if( login_is_special(zLogin) ){ |
| 610 | @ <input type="hidden" name="login" value="%s(zLogin)"> |
| 611 | @ <input type="hidden" name="info" value=""> |
| 612 | @ <input type="hidden" name="pw" value="*"> |
| 613 | } |
| 614 | @ <script> |
| 615 | @ function updateCapabilityString(){ |
| 616 | @ /* |
| 617 | @ ** This function updates the "#usetupEditCapability" span content |
| 618 | @ ** with the capabilities selected by the interactive user, based |
| 619 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -440,11 +440,11 @@ | |
| 440 | higherUser = zOldCaps && strchr(zOldCaps,'s'); |
| 441 | } |
| 442 | |
| 443 | if( P("can") ){ |
| 444 | /* User pressed the cancel button */ |
| 445 | cgi_redirect(cgi_referer("setup_ulist")); |
| 446 | return; |
| 447 | } |
| 448 | |
| 449 | /* If we have all the necessary information, write the new or |
| 450 | ** modified user record. After writing the user record, redirect |
| @@ -467,11 +467,12 @@ | |
| 467 | zLogin = P("login"); |
| 468 | if( strlen(zLogin)==0 ){ |
| 469 | style_header("User Creation Error"); |
| 470 | @ <span class="loginError">Empty login not allowed.</span> |
| 471 | @ |
| 472 | @ <p><a href="setup_uedit?id=%d(uid)&referer=%T(cgi_referer("setup_ulist"))"> |
| 473 | @ [Bummer]</a></p> |
| 474 | style_footer(); |
| 475 | return; |
| 476 | } |
| 477 | if( isValidPwString(zPw) ){ |
| 478 | zPw = sha1_shared_secret(zPw, zLogin, 0); |
| @@ -482,11 +483,12 @@ | |
| 483 | if( db_exists("SELECT 1 FROM user WHERE login=%Q AND uid!=%d", zLogin, uid) ){ |
| 484 | style_header("User Creation Error"); |
| 485 | @ <span class="loginError">Login "%h(zLogin)" is already used by |
| 486 | @ a different user.</span> |
| 487 | @ |
| 488 | @ <p><a href="setup_uedit?id=%d(uid)&referer=%T(cgi_referer("setup_ulist"))"> |
| 489 | @ [Bummer]</a></p> |
| 490 | style_footer(); |
| 491 | return; |
| 492 | } |
| 493 | login_verify_csrf_secret(); |
| 494 | db_multi_exec( |
| @@ -527,16 +529,17 @@ | |
| 529 | if( zErr ){ |
| 530 | style_header("User Change Error"); |
| 531 | admin_log( "Error updating user '%q': %s'.", zLogin, zErr ); |
| 532 | @ <span class="loginError">%h(zErr)</span> |
| 533 | @ |
| 534 | @ <p><a href="setup_uedit?id=%d(uid)&referer=%T(cgi_referer("setup_ulist"))"> |
| 535 | @ [Bummer]</a></p> |
| 536 | style_footer(); |
| 537 | return; |
| 538 | } |
| 539 | } |
| 540 | cgi_redirect(cgi_referer("setup_ulist")); |
| 541 | return; |
| 542 | } |
| 543 | |
| 544 | /* Load the existing information about the user, if any |
| 545 | */ |
| @@ -595,11 +598,11 @@ | |
| 598 | free(z2); |
| 599 | } |
| 600 | |
| 601 | /* Begin generating the page |
| 602 | */ |
| 603 | style_submenu_element("Cancel", cgi_referer("setup_ulist")); |
| 604 | if( uid ){ |
| 605 | style_header("Edit User %h", zLogin); |
| 606 | }else{ |
| 607 | style_header("Add A New User"); |
| 608 | } |
| @@ -609,10 +612,11 @@ | |
| 612 | if( login_is_special(zLogin) ){ |
| 613 | @ <input type="hidden" name="login" value="%s(zLogin)"> |
| 614 | @ <input type="hidden" name="info" value=""> |
| 615 | @ <input type="hidden" name="pw" value="*"> |
| 616 | } |
| 617 | @ <input type="hidden" name="referer" value="%h(cgi_referer("setup_ulist"))"> |
| 618 | @ <script> |
| 619 | @ function updateCapabilityString(){ |
| 620 | @ /* |
| 621 | @ ** This function updates the "#usetupEditCapability" span content |
| 622 | @ ** with the capabilities selected by the interactive user, based |
| 623 |