Item9790: Add redirectto to bulkRegister action.

Allowing some control over which page shows after bulk register is needed before any moderinzation can happen. Hardcoded redirect to the Log topic is not very helpful.
foswiki · Feb 29, 2016 · d974f87 · d974f87
1 parent 76b4059
commit d974f87
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 5 deletions.
diff --git a/core/data/System/CommandAndCGIScripts.txt b/core/data/System/CommandAndCGIScripts.txt
@@ -1,4 +1,4 @@
-%META:TOPICINFO{author="ProjectContributor" date="1448477054" format="1.1" version="1"}%
+%META:TOPICINFO{author="ProjectContributor" date="1456765822" format="1.1" version="1"}%
 %META:TOPICPARENT{name="DeveloperDocumentationCategory"}%
 %STARTINCLUDE%
 ---+ CGI and Command Line Scripts
@@ -221,6 +221,8 @@ See BulkRegistration.
 | *Parameter* | *Description* | *Default* |
 | =logtopic= | Topic to save the log in | _same as topic name, with 'Result' appended_ |
 | =overwritehometopics= | Whether to overwrite existing home topics or not | _do not overwrite_ |
+| =redirectto= | Redirect to this topic or URL after successfully running the bulkRegister function. The parameter value can be a =TopicName=, a =Web.TopicName=, or a URL.%BR% \
+*Note:* Redirect to a URL only works if it is enabled in =configure= (Expert setting: Security and Authentication > Environment > ={AllowRedirectUrl}=). | =logtopic= |
 
 ---++++ =action=changePassword=
 Change password, email address, or both, of a user.
@@ -230,7 +232,7 @@ Change password, email address, or both, of a user.
 | =password= | new password | |
 | =passwordA= | new password confirmation | _required if =password= is given_ |
 | =username= | login name of user to change password/email for | _required_ |
-=password, =passwordA= and =email= are optional. If neither or =password= and =passwordA= is set, then the user password is left unchanged. If =email= is unset, their email is left unchanged.
+=password=, =passwordA= and =email= are optional. If neither or =password= and =passwordA= is set, then the user password is left unchanged. If =email= is unset, their email is left unchanged.
 
 ---++++ =action=resetPassword=
 Reset the password for a single or multiple users

diff --git a/core/lib/Foswiki.spec b/core/lib/Foswiki.spec
@@ -1023,7 +1023,7 @@ $Foswiki::cfg{RemovePortNumber} = $FALSE;
 
 # **BOOLEAN LABEL="Allow Redirect Url" EXPERT**
 # Allow the use of URLs in the =redirectto= parameter to the
-# =save= script, and in =topic= parameter to the
+# =save= and =rest= scripts, the =bulkRegister= action and in =topic= parameter to the
 # =view= script. *WARNING:* Enabling this feature makes it
 # very easy to build phishing pages using the wiki, so in general,
 # public sites should *not* enable it. Note: It is possible to

diff --git a/core/lib/Foswiki/UI/Register.pm b/core/lib/Foswiki/UI/Register.pm
@@ -452,8 +452,10 @@ sub bulkRegister {
 
     $session->leaveContext('absolute_urls');
 
-    my $nurl = $session->getScriptUrl( 1, 'view', $web, $logTopic );
-    $session->redirect($nurl);
+    # Use Foswiki::redirectto to validate redirectto query param
+    # and fall back to the $logTopic if the param is not provided.
+    my $redirecturl = $session->redirectto($logTopic);
+    $session->redirect($redirecturl);
 }
 
 # Register a single user during a bulk registration process