Revision 63b5c301
Von Moritz Bunkus vor mehr als 10 Jahren hinzugefügt
SL/Dispatcher.pm | ||
---|---|---|
131 | 131 |
$::locale = Locale->new($::myconfig{countrycode}); |
132 | 132 |
$::form->{error} = $::locale->text('The session is invalid or has expired.') if ($error_type eq 'session'); |
133 | 133 |
$::form->{error} = $::locale->text('Incorrect password!') if ($error_type eq 'password'); |
134 |
$::form->{error} = $::locale->text('The action is missing or invalid.') if ($error_type eq 'action'); |
|
134 | 135 |
|
135 | 136 |
return render_error_ajax($::form->{error}) if $::request->is_ajax; |
136 | 137 |
|
... | ... | |
236 | 237 |
$::form->read_cgi_input; |
237 | 238 |
|
238 | 239 |
my %routing; |
239 |
eval { %routing = _route_request($ENV{SCRIPT_NAME}); 1; } or return; |
|
240 |
eval { %routing = $self->_route_request($ENV{SCRIPT_NAME}); 1; } or return;
|
|
240 | 241 |
($routing_type, $script_name, $action) = @routing{qw(type controller action)}; |
241 | 242 |
$::lxdebug->log_request($routing_type, $script_name, $action); |
242 | 243 |
|
... | ... | |
275 | 276 |
if ( (($script eq 'login') && !$action) |
276 | 277 |
|| ($script eq 'admin') |
277 | 278 |
|| (SL::Auth::SESSION_EXPIRED() == $session_result)) { |
278 |
$self->redirect_to_login($script);
|
|
279 |
$self->redirect_to_login(script => $script, error => 'session');
|
|
279 | 280 |
|
280 | 281 |
} |
281 | 282 |
|
... | ... | |
338 | 339 |
} |
339 | 340 |
|
340 | 341 |
sub redirect_to_login { |
341 |
my ($self, $script) = @_; |
|
342 |
my $action = $script =~ m/^admin/i ? 'Admin/login' : 'LoginScreen/user_login&error=session'; |
|
342 |
my ($self, %params) = @_; |
|
343 |
my $action = ($params{script} // '') =~ m/^admin/i ? 'Admin/login' : 'LoginScreen/user_login'; |
|
344 |
$action .= '&error=' . $params{error} if $params{error}; |
|
345 |
|
|
343 | 346 |
print $::request->cgi->redirect("controller.pl?action=${action}"); |
344 | 347 |
::end_of_request(); |
345 | 348 |
} |
... | ... | |
362 | 365 |
} |
363 | 366 |
|
364 | 367 |
sub _route_request { |
365 |
my $script_name = shift;
|
|
368 |
my ($self, $script_name) = @_;
|
|
366 | 369 |
|
367 |
return $script_name =~ m/dispatcher\.pl$/ ? (type => 'old', _route_dispatcher_request())
|
|
368 |
: $script_name =~ m/controller\.pl/ ? (type => 'controller', _route_controller_request())
|
|
370 |
return $script_name =~ m/dispatcher\.pl$/ ? (type => 'old', $self->_route_dispatcher_request)
|
|
371 |
: $script_name =~ m/controller\.pl/ ? (type => 'controller', $self->_route_controller_request)
|
|
369 | 372 |
: (type => 'old', controller => $script_name, action => $::form->{action}); |
370 | 373 |
} |
371 | 374 |
|
372 | 375 |
sub _route_dispatcher_request { |
376 |
my ($self) = @_; |
|
373 | 377 |
my $name_re = qr{[a-z]\w*}; |
374 | 378 |
my ($script_name, $action); |
375 | 379 |
|
... | ... | |
400 | 404 |
} |
401 | 405 |
|
402 | 406 |
sub _route_controller_request { |
407 |
my ($self) = @_; |
|
403 | 408 |
my ($controller, $action, $request_type); |
404 | 409 |
|
405 | 410 |
eval { |
411 |
# Redirect simple requests to controller.pl without any GET/POST |
|
412 |
# param to the login page. |
|
413 |
$self->redirect_to_login(error => 'action') if !$::form->{action}; |
|
414 |
|
|
415 |
# Show an error if the »action« parameter doesn't match the |
|
416 |
# pattern »Controller/action«. |
|
406 | 417 |
$::form->{action} =~ m|^ ( [A-Z] [A-Za-z0-9_]* ) / ( [a-z] [a-z0-9_]* ) ( \. [a-zA-Z]+ )? $|x || die "Unroutable request -- invalid controller/action.\n"; |
407 | 418 |
($controller, $action) = ($1, $2); |
408 | 419 |
delete $::form->{action}; |
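Review bot: In `redirect_to_login`, `$params{error}` is appended to the redirect URL without escaping or validation (`$action .= '&error=' . $params{error} if $params{error};`). Both callers visible in this section pass fixed literals (`'session'` and `'action'`), so nothing is exposed as shown, but the sub now accepts any string, and a later caller passing request-derived data could alter the query string of the Location header. Restricting the value to the error types that the error handler at the top of this section recognises would keep the helper safe by construction: `$action .= '&error=' . $params{error} if ($params{error} // '') =~ m/\A(?:session|password|action)\z/;`. Separately, the new `$self->redirect_to_login(error => 'action')` call sits inside the `eval` of `_route_controller_request`, whose end is outside the visible lines; if `::end_of_request()` unwinds via `die` (not visible here), a short comment that the `eval` handler must let that pass through would help the next reader.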
Dispatcher: Requests auf controller.pl ohne action auf Loginseite redirecten
Ist hilfreich, wenn man aus der Browserhistory einen Link wie
http://…/kivitendo/controller.pl aufruft. Bisher wurde nur eine böse
Fehlerseite angezeigt.