authorFrederic Guillot <fred@kanboard.net>2015-07-16 22:22:33 -0400
committerFrederic Guillot <fred@kanboard.net>2015-07-16 22:22:33 -0400
commit493c7c2c74ffdbe3ceb422d331b73e653ec0b618 (patch)
treebaa8451934e3b1f35a525a0665b12a13cf66eccd /app
parente0d4877126acc1e7189e6e67e1f1ca24e1dd5f02 (diff)
Store redirect login url in session instead of using url parameter
Diffstat (limited to 'app')
-rw-r--r--app/Controller/Auth.php8
-rw-r--r--app/Controller/Base.php3
-rw-r--r--app/Controller/Oauth.php1
-rw-r--r--app/Core/Request.php11
-rw-r--r--app/Template/auth/index.php4
-rw-r--r--app/common.php2
6 files changed, 20 insertions, 9 deletions
diff --git a/app/Controller/Auth.php b/app/Controller/Auth.php
index 24e6e242..e8889b7f 100644
--- a/app/Controller/Auth.php
+++ b/app/Controller/Auth.php
@@ -25,7 +25,6 @@ class Auth extends Base
'errors' => $errors,
'values' => $values,
'no_layout' => true,
- 'redirect_query' => $this->request->getStringParam('redirect_query'),
'title' => t('Login')
)));
}
@@ -37,14 +36,15 @@ class Auth extends Base
*/
public function check()
{
- $redirect_query = $this->request->getStringParam('redirect_query');
$values = $this->request->getValues();
list($valid, $errors) = $this->authentication->validateForm($values);
if ($valid) {
- if ($redirect_query !== '') {
- $this->response->redirect('?'.urldecode($redirect_query));
+ if (! empty($this->session['login_redirect']) && ! filter_var($this->session['login_redirect'], FILTER_VALIDATE_URL)) {
+ $redirect = $this->session['login_redirect'];
+ unset($this->session['login_redirect']);
+ $this->response->redirect($redirect);
}
$this->response->redirect($this->helper->url->to('app', 'index'));
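Review bot: The new guard in check() only rejects a stored value that passes FILTER_VALIDATE_URL, so a value without a scheme such as `//other-host/path` fails the filter, passes the guard, and still reaches `$this->response->redirect()`, where a Location header of that form is treated by browsers as an absolute, off-site URL; since login_redirect is filled from the raw REQUEST_URI in Base.php, the target is only partially validated. Check for a local path positively rather than for non-URL-ness, and clear the session key before the test so a rejected value is not retried: `$redirect = (string) $this->session['login_redirect'];` / `unset($this->session['login_redirect']);` / `if ($redirect !== '' && $redirect[0] === '/' && ! in_array(substr($redirect, 1, 1), array('/', '\\'), true)) {` followed by the existing `$this->response->redirect($redirect);`. This assumes redirect() ends the request, as the unconditional redirect that follows suggests; check()'s body continues past the end of the hunk.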
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 18187162..31eb023d 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -127,7 +127,8 @@ abstract class Base extends \Core\Base
$this->response->text('Not Authorized', 401);
}
- $this->response->redirect($this->helper->url->to('auth', 'login', array('redirect_query' => urlencode($this->request->getQueryString()))));
+ $this->session['login_redirect'] = $this->request->getUri();
+ $this->response->redirect($this->helper->url->to('auth', 'login'));
}
}
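Review bot: The new assignment stores the raw request target for every unauthenticated request regardless of method, so a POST that hits this branch (for instance a form submitted after the session expired) is replayed after login as a GET to the same URI, which may not be a valid entry point; it also writes to the session before any validation, leaving the check entirely to Auth::check(). Consider gating the store on the request being a GET, using whatever method accessor Request offers, and rejecting anything that is not a single-slash-prefixed local path at this point as well, e.g. `if ($uri !== '' && $uri[0] === '/' && strpos($uri, '//') !== 0) {` around the assignment. The enclosing method starts outside the hunk, so the surrounding AJAX/401 handling is only partly visible here.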
diff --git a/app/Controller/Oauth.php b/app/Controller/Oauth.php
index 00ccd694..8ba5b252 100644
--- a/app/Controller/Oauth.php
+++ b/app/Controller/Oauth.php
@@ -116,7 +116,6 @@ class Oauth extends Base
'errors' => array('login' => t('External authentication failed')),
'values' => array(),
'no_layout' => true,
- 'redirect_query' => '',
'title' => t('Login')
)));
}
diff --git a/app/Core/Request.php b/app/Core/Request.php
index b399a1f0..1eff66fa 100644
--- a/app/Core/Request.php
+++ b/app/Core/Request.php
@@ -163,6 +163,17 @@ class Request
}
/**
+ * Returns uri
+ *
+ * @access public
+ * @return string
+ */
+ public function getUri()
+ {
+ return isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
+ }
+
+ /**
* Get the user agent
*
* @static
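Review bot: The docblock on the new getUri() says only "Returns uri", which does not tell a caller that the value is the raw, unvalidated request target and is now used as a redirect destination in Base.php. I would replace the description with a summary such as "Returns the request target (path and query string) exactly as the client sent it in the request line; it is neither validated nor normalised and must be treated as untrusted input", and note that the result is the empty string when REQUEST_URI is absent, which the `isset` ternary already handles.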
diff --git a/app/Template/auth/index.php b/app/Template/auth/index.php
index 6f4d93cc..ca303df9 100644
--- a/app/Template/auth/index.php
+++ b/app/Template/auth/index.php
@@ -5,7 +5,7 @@
<?php endif ?>
<?php if (! HIDE_LOGIN_FORM): ?>
- <form method="post" action="<?= $this->url->href('auth', 'check', array('redirect_query' => $redirect_query)) ?>">
+ <form method="post" action="<?= $this->url->href('auth', 'check') ?>">
<?= $this->form->csrf() ?>
@@ -17,8 +17,6 @@
<?= $this->form->checkbox('remember_me', t('Remember Me'), 1, true) ?><br/>
-
-
<div class="form-actions">
<input type="submit" value="<?= t('Sign in') ?>" class="btn btn-blue"/>
</div>
diff --git a/app/common.php b/app/common.php
index 29b2c54e..734f094b 100644
--- a/app/common.php
+++ b/app/common.php
@@ -119,4 +119,6 @@ if (ENABLE_URL_REWRITE) {
// Auth routes
$container['router']->addRoute('oauth/google', 'oauth', 'google');
$container['router']->addRoute('oauth/github', 'oauth', 'github');
+ $container['router']->addRoute('login', 'auth', 'login');
+ $container['router']->addRoute('logout', 'auth', 'logout');
}