Merge pull request #861 from greezybacon/issue/858

auth: Handle REQUEST_URI not being authoritative Reviewed-By: Peter Rotich <peter@osticket.com>

Merge pull request #861 from greezybacon/issue/858
auth: Handle REQUEST_URI not being authoritative Reviewed-By: Peter Rotich <peter@osticket.com>
d0624418 · Peter Rotich · d6970162 · 4c7aaa03 · d0624418 · d0624418
Commit d0624418 authored 11 years ago by Peter Rotich
--- a/main.inc.php
+++ b/main.inc.php
@@ -140,7 +140,6 @@

    #CURRENT EXECUTING SCRIPT.
    define('THISPAGE', Misc::currentURL());
-    define('THISURI', $_SERVER['REQUEST_URI']);

    # This is to support old installations. with no secret salt.
    if(!defined('SECRET_SALT')) define('SECRET_SALT',md5(TABLE_PREFIX.ADMIN_EMAIL));

--- a/scp/staff.inc.php
+++ b/scp/staff.inc.php
@@ -49,7 +49,8 @@ require_once(INCLUDE_DIR.'class.csrf.php');
 if(!function_exists('staffLoginPage')) { //Ajax interface can pre-declare the function to  trap expired sessions.
    function staffLoginPage($msg) {
        global $ost, $cfg;
-        $_SESSION['_staff']['auth']['dest']=THISURI;
+        $_SESSION['_staff']['auth']['dest'] =
+            '/' . ltrim($_SERVER['REQUEST_URI'], '/');
        $_SESSION['_staff']['auth']['msg']=$msg;
        require(SCP_DIR.'login.php');
        exit;