From 1c247bc4073451ad156ecedfbd2f7ebe73b56c12 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Tue, 18 Aug 2015 22:01:18 +0200 Subject: Fix redirect URI when using multiple tabs If we store only the last called URI in the session we can't support multiple browser tabs that all need to log in again. Fix this by storing the URI in the URL. Also change a trim() to ltrim() so that the URI string we store keeps it's trailing slash. Signed-off-by: Florian Pritz --- application/controllers/user.php | 19 ++++++++++++------- application/models/muser.php | 12 ------------ application/views/header.php | 2 +- application/views/user/login.php | 2 +- public_html/index.php | 7 ++++++- system/core/Config.php | 2 +- 6 files changed, 21 insertions(+), 23 deletions(-)
diff --git a/application/controllers/user.php b/application/controllers/user.php
index b432cba5e..eca0b7da3 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -44,8 +44,18 @@ class User extends MY_Controller {
 function login()
 {
+ $redirect_uri = $this->input->get("redirect_uri");
 $this->muser->require_session();
- $this->session->keep_flashdata("uri");
+
+ if (!preg_match('/^[0-9a-zA-Z\/_]*$/', $redirect_uri)) {
+ $redirect_uri = '/';
+ }
+
+ if ($this->muser->logged_in()) {
+ redirect($redirect_uri);
+ }
+
+ $this->data['redirect_uri'] = $redirect_uri;
 if ($this->input->post('process') !== false) {
 $username = $this->input->post('username');
@@ -59,12 +69,7 @@ class User extends MY_Controller {
 $this->load->view($this->var->view_dir.'login', $this->data);
 $this->load->view('footer', $this->data);
 } else {
- $uri = $this->session->flashdata("uri");
- if ($uri) {
- redirect($uri);
- } else {
- redirect("/");
- }
+ redirect($redirect_uri);
 }
 } else {
 $this->load->view('header', $this->data);
diff --git a/application/models/muser.php b/application/models/muser.php
index 4d183c5a6..200390358 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
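Review bot: The whitelist in `User::login()` anchors with `$`, which in PCRE also matches just before a trailing newline, so a `redirect_uri` value ending in a line feed passes `'/^[0-9a-zA-Z\/_]*$/'` and is then stored in `$this->data` and handed to `redirect()`. Anchor with `\z` and reject non-strings in the same test: `if (!is_string($redirect_uri) || !preg_match('/^[0-9a-zA-Z\/_]*\z/', $redirect_uri)) {`. The pattern also admits a leading `//`, so the redirect stays on-site only if `redirect()` always prefixes the site URL, which is not visible in this hunk; a comment above the check such as `// redirect() resolves this against the site URL; never pass it to header() directly` would keep later edits from weakening that assumption. `login()` continues past the end of this hunk.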
@@ -18,10 +18,6 @@ class Muser extends CI_Model {
 {
 parent::__construct();
- if ($this->has_session() && !$this->logged_in()) {
- $this->session->keep_flashdata("uri");
- }
-
 $this->load->helper("filebin");
 $this->load->driver("duser");
 }
@@ -184,14 +180,6 @@ class Muser extends CI_Model {
 return $this->check_access_level($wanted_level);
 }
- if (stateful_client()) {
- // desktop clients get redirected to the login form
- $this->require_session();
- if (!$this->session->userdata("flash:new:uri")) {
- $this->session->set_flashdata("uri", $this->uri->uri_string());
- }
- }
-
 throw new \exceptions\NotAuthenticatedException("api/not-authenticated", "Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.");
 }
diff --git a/application/views/header.php b/application/views/header.php
index 081f91820..6332382b2 100644
--- a/application/views/header.php
+++ b/application/views/header.php
@@ -77,7 +77,7 @@ if (is_cli_client() && !isset($force_full_html)) {

- "form-signin")); ?> + uri->uri_string(), array("class" => "form-signin")); ?> diff --git a/application/views/user/login.php b/application/views/user/login.php index 3e30d53bd..5b2067bb0 100644 --- a/application/views/user/login.php +++ b/application/views/user/login.php @@ -3,7 +3,7 @@ if (isset($login_error)) { ?>
The entered credentials are invalid.
- "form-horizontal login-page")); ?> + "form-horizontal login-page")); ?>
diff --git a/public_html/index.php b/public_html/index.php
index f0c099478..de9d2a16c 100644
--- a/public_html/index.php
+++ b/public_html/index.php
@@ -221,7 +221,12 @@ try {
 if (is_cli_client()) {
 show_error(nl2br(htmlspecialchars($e->__toString())), $e->get_http_error_code());
 } else {
- redirect("user/login");
+ $CI =& get_instance();
+ $redirect_uri = $CI->uri->uri_string();
+ if (isset($CI->data["redirect_uri"])) {
+ $redirect_uri = $CI->data["redirect_uri"];
+ }
+ redirect("user/login?redirect_uri=".$redirect_uri);
 }
 } catch (\exceptions\PublicApiException $e) {
 show_error(nl2br(htmlspecialchars($e->__toString())), $e->get_http_error_code());
diff --git a/system/core/Config.php b/system/core/Config.php
index 46ed9365c..caa8b945a 100644
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -299,7 +299,7 @@ class CI_Config {
 {
 $uri = implode('/', $uri);
 }
- $uri = trim($uri, '/');
+ $uri = ltrim($uri, '/');
 }
 else
 {
-- cgit v1.2.3-24-g4f1b
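Review bot: In public_html/index.php `$redirect_uri` is concatenated into the query string unencoded in `redirect("user/login?redirect_uri=".$redirect_uri);`, so any character in the current URI that is significant in a query string (`&`, `#`, `%`, `+`) would truncate or alter the parameter. Encode it at the point of use, `redirect("user/login?redirect_uri=".rawurlencode($redirect_uri));`; the form action in application/views/header.php appears to append `uri_string()` the same way and would want the same treatment. Separately, a URI containing anything outside `[0-9a-zA-Z/_]` (for example `-` or `.`) is replaced by `/` in `User::login()`, so such pages lose their return target after login; a one-line comment here naming that constraint would help. The enclosing `try`/`catch` starts outside the hunk.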