Fix for ticket #1039. The problem was, as Bryan76 pointed out, with p…

…assing the full url in the continue parameter. In the logout controller, we tried to get the item from the url so we could check the permission of the item to insure that the guest user had access. But url::get_item_from_url expects a relative url.
gallery · Jun 11, 2010 · bbbb356 · bbbb356
1 parent bb35aef
commit bbbb356
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
@@ -22,13 +22,16 @@ public function index() {
     access::verify_csrf();
     auth::logout();
     if ($continue_url = Input::instance()->get("continue")) {
-      $item = url::get_item_from_uri($continue_url);
+      $components = explode("/", parse_url($continue_url, PHP_URL_PATH), 4);
+      $item = url::get_item_from_uri($components[3]);
       if (access::can("view", $item)) {
         // Don't use url::redirect() because it'll call url::site() and munge the continue url.
-        header("Location: $continue_url");
+        header("Location: {$item->relative_url()}");
       } else {
         url::redirect(item::root()->abs_url());
       }
+    } else {
+        url::redirect(item::root()->abs_url());
     }
   }
 }