authorJean-Philippe Lang <jp_lang@yahoo.fr>2008-07-26 08:46:33 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2008-07-26 08:46:33 +0000
commit9f92554319144effbab13b688b07d15cdafea89a (patch)
tree4deda817a75d68caef0cb2fd205766dc68ea01db /app
parent5564dfbbd5a31362fde86f27ac8beccd1661d6f8 (diff)
Redirect user to the previous page after logging in (#1679).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1695 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/controllers/application.rb25
-rw-r--r--app/helpers/application_helper.rb3
-rw-r--r--app/views/account/login.rhtml1
3 files changed, 14 insertions, 15 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 2daee50de..debe02162 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -15,6 +15,8 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+require 'uri'
+
class ApplicationController < ActionController::Base
before_filter :user_setup, :check_if_login_required, :set_localization
filter_parameter_logging :password
@@ -77,8 +79,7 @@ class ApplicationController < ActionController::Base
def require_login
if !User.current.logged?
- store_location
- redirect_to :controller => "account", :action => "login"
+ redirect_to :controller => "account", :action => "login", :back_url => request.request_uri
return false
end
true
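Review bot: The `back_url` built in require_login is `request.request_uri` whatever the HTTP method, so a non-GET request that hits this filter produces a return address that is later followed with a GET. That is probably harmless for most actions, but it deserves a line above the redirect such as `# back_url is only meaningful when the intercepted request was a GET`, or the parameter could be passed only when `request.get?` is true. The value also now travels in the login URL's query string rather than in the session, so it has to be treated as untrusted wherever it is read back. The closing `end` of require_login lies outside the hunk.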
@@ -115,20 +116,16 @@ class ApplicationController < ActionController::Base
end
end
- # store current uri in session.
- # return to this location by calling redirect_back_or_default
- def store_location
- session[:return_to_params] = params
- end
-
- # move to the last store_location call or to the passed default one
def redirect_back_or_default(default)
- if session[:return_to_params].nil?
- redirect_to default
- else
- redirect_to session[:return_to_params]
- session[:return_to_params] = nil
+ back_url = params[:back_url]
+ if !back_url.blank?
+ uri = URI.parse(back_url)
+ # do not redirect user to another host
+ if uri.relative? || (uri.host == request.host)
+ redirect_to(back_url) and return
+ end
end
+ redirect_to default
end
def render_403
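Review bot: The host check in redirect_back_or_default is skipped for any scheme-less back_url, because `uri.relative?` is true whenever the URI has no scheme, including a network-path reference that still names a host. Whether such a value actually leaves the site depends on how redirect_to treats scheme-less strings in this Rails version, so the guard should require both conditions, as in `(uri.relative? && uri.host.nil?) || (uri.host == request.host)`. Separately, URI.parse raises URI::InvalidURIError on a malformed value. Since back_url comes straight from params (or from the Referer header via the hidden field), a bad value would turn a successful login into an error page; rescuing the exception and falling through to `default` avoids that.

```ruby
  if !back_url.blank?
    begin
      uri = URI.parse(back_url)
      # do not redirect user to another host (a scheme-less URI can still name one)
      if (uri.relative? && uri.host.nil?) || (uri.host == request.host)
        # … unchanged: redirect_to(back_url) and return …
      end
    rescue URI::InvalidURIError
      # unparseable back_url: fall through to the default redirect
    end
  end
```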
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 6e39d093f..7bcec461e 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -451,7 +451,8 @@ module ApplicationHelper
end
def back_url_hidden_field_tag
- hidden_field_tag 'back_url', (params[:back_url] || request.env['HTTP_REFERER'])
+ back_url = params[:back_url] || request.env['HTTP_REFERER']
+ hidden_field_tag('back_url', back_url) unless back_url.blank?
end
def check_all_links(form_name)
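Review bot: back_url_hidden_field_tag has no comment saying that the value it emits is client-controlled, although both of its sources (`params[:back_url]` and the `HTTP_REFERER` header) are set by the browser. The Referer can legitimately point at another site, and nothing in this helper filters it, so every consumer has to validate the value before redirecting. I would document that above the method, for example `# back_url comes from the request (param or Referer) and is untrusted; validate it before redirecting`, and mention that the helper returns nil when neither source is present.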
diff --git a/app/views/account/login.rhtml b/app/views/account/login.rhtml
index ea1a1cd44..d8c1f313f 100644
--- a/app/views/account/login.rhtml
+++ b/app/views/account/login.rhtml
@@ -1,5 +1,6 @@
<div id="login-form">
<% form_tag({:action=> "login"}) do %>
+<%= back_url_hidden_field_tag %>
<table>
<tr>
<td align="right"><label for="username"><%=l(:field_login)%>:</label></td>