From: Alexander Ebert
Date: Wed, 1 Jul 2015 21:44:59 +0000 (+0200)
Subject: Work-around for login w/o cookie support involving witchcraft
X-Git-Tag: 2.1.6~23
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=49c6afa3e13c74bbd3aa4629473b908fad40689a;p=GitHub%2FWoltLab%2FWCF.git
Work-around for login w/o cookie support involving witchcraft
---
diff --git a/wcfsetup/install/files/lib/form/LoginForm.class.php b/wcfsetup/install/files/lib/form/LoginForm.class.php
index 0aa592bc9d..c05acff16f 100644
--- a/wcfsetup/install/files/lib/form/LoginForm.class.php
+++ b/wcfsetup/install/files/lib/form/LoginForm.class.php
@@ -64,6 +64,8 @@ class LoginForm extends \wcf\acp\form\LoginForm {
 UserAuthenticationFactory::getInstance()->getUserAuthentication()->storeAccessData($this->user, $this->username, $this->password);
 }
+ $oldSessionID = WCF::getSession()->sessionID;
+
 // change user
 WCF::getSession()->changeUser($this->user);
@@ -71,6 +73,20 @@ class LoginForm extends \wcf\acp\form\LoginForm {
 $this->checkURL();
 $this->saved();
+ if (isset($_REQUEST['s']) && $_REQUEST['s'] == $oldSessionID && $oldSessionID != WCF::getSession()->sessionID) {
+ // force instant redirect to avoid issues with non-cookie login and the already defined SID_ARG_* constants
+ if (preg_match('~[?&]s=[a-f0-9]{40}~i', $this->url)) {
+ $this->url = preg_replace('~([?&])s=[a-f0-9]{40}~i', '$1s=' . WCF::getSession()->sessionID, $this->url);
+ }
+ else {
+ $this->url .= (mb_strpos($this->url, '?') === false) ? '?' : '&';
+ $this->url .= 's=' . WCF::getSession()->sessionID;
+ }
+
+ HeaderUtil::redirect($this->url);
+ exit;
+ }
+
 // redirect to url
 WCF::getTPL()->assign('__hideUserMenu', true);
 HeaderUtil::delayedRedirect($this->url, WCF::getLanguage()->get('wcf.user.login.redirect'));
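Review bot: The second hunk writes the post-login session ID into `$this->url` and sends it in a `Location` header, but nothing in the hunk confirms that the URL still points at this installation, so a redirect target on another host would receive a valid authenticated session ID in its query string. Whether `checkURL()` already restricts the target cannot be seen here, because that method and the start of the enclosing method lie outside the hunk; if it does not, the `s=` rewrite should be skipped for any URL whose host is not the application's own. The guard also compares with loose operators, and `$_REQUEST['s']` may arrive as an array or as a string that PHP treats as numeric, so `is_string($_REQUEST['s']) && $_REQUEST['s'] === $oldSessionID && $oldSessionID !== WCF::getSession()->sessionID` is the safer form. A comment on the added `exit;`, such as `// intentionally skips the delayed-redirect template below`, would make the early termination explicit.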