From: Moritz Bunkus Date: Mon, 20 Jun 2011 15:54:02 +0000 (+0200) Subject: Keine großen GET-Requests via HTTP-Redirect erfordern X-Git-Tag: release-2.7.0beta1~379 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=75f692499bd11b7e2cd6fa4acb5c29923d0e281b;p=kivitendo-erp.git Keine großen GET-Requests via HTTP-Redirect erfordern Bugfix für 1609.
---
diff --git a/SL/Dispatcher.pm b/SL/Dispatcher.pm
index 239cdcb96..9c9e60566 100644
--- a/SL/Dispatcher.pm
+++ b/SL/Dispatcher.pm
@@ -164,6 +164,11 @@ sub handle_request { $::form = Form->new; %::called_subs = (); + my $session_result = $::auth->restore_session; + $::auth->create_or_refresh_session; + + $::form->read_cgi_input; + eval { ($routing_type, $script_name, $action) = _route_request($script_name); 1; } or return; if ($routing_type eq 'old') {
@@ -183,9 +188,6 @@ sub handle_request { eval { pre_request_checks(); - my $session_result = $::auth->restore_session; - $::auth->create_or_refresh_session; - $::form->error($::locale->text('System currently down for maintenance!')) if -e ($::lx_office_conf{paths}->{userspath} . "/nologin") && $script ne 'admin'; if ($script eq 'login' or $script eq 'admin') {
diff --git a/SL/Form.pm b/SL/Form.pm
index b2127e7ff..64412e15e 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -258,6 +258,16 @@ sub new { bless $self, $type; + $main::lxdebug->leave_sub(); + + return $self; +} + +sub read_cgi_input { + $main::lxdebug->enter_sub(); + + my ($self) = @_; + $self->_input_to_hash($ENV{QUERY_STRING}) if $ENV{QUERY_STRING}; $self->_input_to_hash($ARGV[0]) if @ARGV && $ARGV[0];
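Review bot: In the first SL/Dispatcher.pm hunk, `$::auth->restore_session`, `$::auth->create_or_refresh_session` and `$::form->read_cgi_input` now run before the routing `eval` and ahead of `pre_request_checks()`, while the second Dispatcher hunk shows the two session calls used to sit inside `eval { pre_request_checks(); ...`. If that eval is where request-time failures are caught (its handler is outside the hunk, so this is an assumption), an exception raised while restoring the session or parsing the input would now leave handle_request without going through that error path, and session handling also happens before the pre-request checks have run. I would either wrap the three new statements in their own `eval { ...; 1 } or ...` that reuses the existing error handling, or add a comment such as `# session must be restored before read_cgi_input; none of these calls may die` so the ordering is deliberate and documented. The body of handle_request starts and ends outside the hunk.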
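Review bot: In the first SL/Form.pm hunk the new `read_cgi_input` has no comment stating its contract, and after this split `Form->new` returns a form with no request data in it. Any caller other than the dispatcher that relied on `new` parsing `QUERY_STRING` or `@ARGV` would now silently see an empty form; no such caller is visible in this diff, so that needs a check across the tree. I would add above the sub something like `# Parses QUERY_STRING, @ARGV and the request content into $self. Call after $::auth->restore_session: RESTORE_FORM_FROM_SESSION_ID is resolved through $::auth.` The body of read_cgi_input continues past the end of this hunk.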
@@ -268,6 +278,12 @@ sub new { $uploads = $self->_request_to_hash($content); } + if ($self->{RESTORE_FORM_FROM_SESSION_ID}) { + my %temp_form; + $::auth->restore_form_from_session(delete $self->{RESTORE_FORM_FROM_SESSION_ID}, form => \%temp_form); + $self->_input_to_hash(join '&', map { $self->escape($_) . '=' . $self->escape($temp_form{$_}) } keys %temp_form); + } + my $db_charset = $::lx_office_conf{system}->{dbcharset}; $db_charset ||= Common::DEFAULT_CHARSET;
@@ -994,6 +1010,16 @@ sub write_trigger { return $jsscript; } #end sub write_trigger +sub _store_redirect_info_in_session { + my ($self) = @_; + + return unless $self->{callback} =~ m:^ ( [^\?/]+ \.pl ) \? (.+) :x; + + my ($controller, $params) = ($1, $2); + my $form = { map { map { $self->unescape($_) } split /=/, $_, 2 } split m/\&/, $params }; + $self->{callback} = "${controller}?RESTORE_FORM_FROM_SESSION_ID=" . $::auth->save_form_in_session(form => $form); +}
+
+sub redirect { $main::lxdebug->enter_sub();
@@ -1003,6 +1029,7 @@ sub redirect { $self->info($msg); } else { + $self->_store_redirect_info_in_session; print $::form->redirect_header($self->{callback}); }
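Review bot: In the `@@ -268,6 +278,12 @@` hunk, `RESTORE_FORM_FROM_SESSION_ID` is read from the form after the request has been parsed, so the id is client-supplied, and the restored pairs are pushed through `_input_to_hash` after the request's own parameters. Nothing visible here shows whether `restore_form_from_session` only returns entries saved under the current session, or whether an entry is removed once it has been used. If it does neither, saved redirect data is bound only to the secrecy of the id, and entries pile up with every redirect. That should be confirmed in the auth module and recorded at this call, for example `# id comes from the request; restore_form_from_session must only return data saved in the current session`. The enclosing sub starts and ends outside the hunk.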
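Review bot: In `_store_redirect_info_in_session` the nested `map ... split /=/, $_, 2` flattens all pairs into one list before the hash is built, so a callback parameter without `=` (a bare `foo` in `a=1&foo&b=2`) contributes a single element and shifts every key/value pair after it. Repeated keys are also reduced to their last value. Building one pair per parameter keeps the hash aligned: `map { my ($k, $v) = split /=/, $_, 2; ($self->unescape($k), $self->unescape(defined $v ? $v : '')) } split m/\&/, $params`. The pattern match also runs when `$self->{callback}` is undefined, which produces a warning if warnings are enabled; `return unless defined $self->{callback} && $self->{callback} =~ ...` avoids it.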