From 49c6afa3e13c74bbd3aa4629473b908fad40689a Mon Sep 17 00:00:00 2001 From: Alexander Ebert Date: Wed, 1 Jul 2015 23:44:59 +0200 Subject: [PATCH] Work-around for login w/o cookie support involving witchcraft --- .../install/files/lib/form/LoginForm.class.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/wcfsetup/install/files/lib/form/LoginForm.class.php b/wcfsetup/install/files/lib/form/LoginForm.class.php index 0aa592bc9d..c05acff16f 100644 --- a/wcfsetup/install/files/lib/form/LoginForm.class.php +++ b/wcfsetup/install/files/lib/form/LoginForm.class.php @@ -64,6 +64,8 @@ class LoginForm extends \wcf\acp\form\LoginForm { UserAuthenticationFactory::getInstance()->getUserAuthentication()->storeAccessData($this->user, $this->username, $this->password); } + $oldSessionID = WCF::getSession()->sessionID; + // change user WCF::getSession()->changeUser($this->user); @@ -71,6 +73,20 @@ class LoginForm extends \wcf\acp\form\LoginForm { $this->checkURL(); $this->saved(); + if (isset($_REQUEST['s']) && $_REQUEST['s'] == $oldSessionID && $oldSessionID != WCF::getSession()->sessionID) { + // force instant redirect to avoid issues with non-cookie login and the already defined SID_ARG_* constants + if (preg_match('~[?&]s=[a-f0-9]{40}~i', $this->url)) { + $this->url = preg_replace('~([?&])s=[a-f0-9]{40}~i', '$1s=' . WCF::getSession()->sessionID, $this->url); + } + else { + $this->url .= (mb_strpos($this->url, '?') === false) ? '?' : '&'; + $this->url .= 's=' . WCF::getSession()->sessionID; + } + + HeaderUtil::redirect($this->url); + exit; + } + // redirect to url WCF::getTPL()->assign('__hideUserMenu', true); HeaderUtil::delayedRedirect($this->url, WCF::getLanguage()->get('wcf.user.login.redirect')); -- 2.20.1