From: Moritz Bunkus <m.bunkus@linet-services.de>
Date: Mon, 20 Jun 2011 15:54:02 +0000 (+0200)
Subject: Keine großen GET-Requests via HTTP-Redirect erfordern
X-Git-Tag: release-2.7.0beta1~379
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=75f692499bd11b7e2cd6fa4acb5c29923d0e281b;p=kivitendo-erp.git

Keine großen GET-Requests via HTTP-Redirect erfordern

Bugfix für 1609.
---

diff --git a/SL/Dispatcher.pm b/SL/Dispatcher.pm
index 239cdcb96..9c9e60566 100644
--- a/SL/Dispatcher.pm
+++ b/SL/Dispatcher.pm
@@ -164,6 +164,11 @@ sub handle_request {
   $::form        = Form->new;
   %::called_subs = ();
 
+  my $session_result = $::auth->restore_session;
+  $::auth->create_or_refresh_session;
+
+  $::form->read_cgi_input;
+
   eval { ($routing_type, $script_name, $action) = _route_request($script_name); 1; } or return;
 
   if ($routing_type eq 'old') {
@@ -183,9 +188,6 @@ sub handle_request {
   eval {
     pre_request_checks();
 
-    my $session_result = $::auth->restore_session;
-    $::auth->create_or_refresh_session;
-
     $::form->error($::locale->text('System currently down for maintenance!')) if -e ($::lx_office_conf{paths}->{userspath} . "/nologin") && $script ne 'admin';
 
     if ($script eq 'login' or $script eq 'admin') {
diff --git a/SL/Form.pm b/SL/Form.pm
index b2127e7ff..64412e15e 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -258,6 +258,16 @@ sub new {
 
   bless $self, $type;
 
+  $main::lxdebug->leave_sub();
+
+  return $self;
+}
+
+sub read_cgi_input {
+  $main::lxdebug->enter_sub();
+
+  my ($self) = @_;
+
   $self->_input_to_hash($ENV{QUERY_STRING}) if $ENV{QUERY_STRING};
   $self->_input_to_hash($ARGV[0])           if @ARGV && $ARGV[0];
 
@@ -268,6 +278,12 @@ sub new {
     $uploads = $self->_request_to_hash($content);
   }
 
+  if ($self->{RESTORE_FORM_FROM_SESSION_ID}) {
+    my %temp_form;
+    $::auth->restore_form_from_session(delete $self->{RESTORE_FORM_FROM_SESSION_ID}, form => \%temp_form);
+    $self->_input_to_hash(join '&', map { $self->escape($_) . '=' . $self->escape($temp_form{$_}) } keys %temp_form);
+  }
+
   my $db_charset   = $::lx_office_conf{system}->{dbcharset};
   $db_charset    ||= Common::DEFAULT_CHARSET;
 
@@ -994,6 +1010,16 @@ sub write_trigger {
   return $jsscript;
 }    #end sub write_trigger
 
+sub _store_redirect_info_in_session {
+  my ($self) = @_;
+
+  return unless $self->{callback} =~ m:^ ( [^\?/]+ \.pl ) \? (.+) :x;
+
+  my ($controller, $params) = ($1, $2);
+  my $form                  = { map { map { $self->unescape($_) } split /=/, $_, 2 } split m/\&/, $params };
+  $self->{callback}         = "${controller}?RESTORE_FORM_FROM_SESSION_ID=" . $::auth->save_form_in_session(form => $form);
+}
+
 sub redirect {
   $main::lxdebug->enter_sub();
 
@@ -1003,6 +1029,7 @@ sub redirect {
     $self->info($msg);
 
   } else {
+    $self->_store_redirect_info_in_session;
     print $::form->redirect_header($self->{callback});
   }