
BUG If BackURL set, validation errors send the user to wrong place.

If there are validation errors in the ChangePasswordForm, the user
is taken to the BackURL, because redirectBack() goes there whenever
it is set.

Instead of this, just redirect back to the "changepassword" action
on the Security controller.
commit 83bff54ec2ea1ba056cb40a5f0f615c5a91b5245 1 parent 53115d9
@halkyon halkyon authored
Showing with 12 additions and 5 deletions.
  1. +12 −5 security/ChangePasswordForm.php
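--- a/security/ChangePasswordForm.php
+++ b/security/ChangePasswordForm.php
@@ -25,7 +25,7 @@ public function __construct($controller, $name, $fields = null, $actions = null)
 } else {
 $backURL = Session::get('BackURL');
 }
-
+
 if(!$fields) {
 $fields = new FieldList();
@@ -67,7 +67,8 @@ public function doChangePassword(array $data) {
 _t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"),
 "bad"
 );
- $this->controller->redirectBack();
+ // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
+ $this->controller->redirect($this->controller->Link('changepassword'));
 return;
 }
 }
@@ -91,7 +92,9 @@ public function doChangePassword(array $data) {
 $this->sessionMessage(
 _t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"),
 "bad");
- $this->controller->redirectBack();
+
+ // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
+ $this->controller->redirect($this->controller->Link('changepassword'));
 return;
 }
 else if($data['NewPassword1'] == $data['NewPassword2']) {
@@ -127,7 +130,9 @@ public function doChangePassword(array $data) {
 ),
 "bad"
 );
- $this->controller->redirectBack();
+
+ // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
+ $this->controller->redirect($this->controller->Link('changepassword'));
 }
 } else {
@@ -135,7 +140,9 @@ public function doChangePassword(array $data) {
 $this->sessionMessage(
 _t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"),
 "bad");
- $this->controller->redirectBack();
+
+ // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
+ $this->controller->redirect($this->controller->Link('changepassword'));
 }
 }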
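Review bot: The redirect to the form is now written out four times in doChangePassword (the hunks at -67, -91, -127 and -135 each add the same comment and `$this->controller->redirect($this->controller->Link('changepassword'));`), so a later error branch can easily reintroduce redirectBack() and with it a destination taken from BackURL; one private helper on the form that performs this redirect, called from each branch, would keep the target in a single place. Since the error path no longer carries BackURL, a value that arrived only as a request parameter is presumably lost after the first validation error unless the constructor branch outside the first hunk also stores it in the session, which is worth confirming. Separately, the context line `else if($data['NewPassword1'] == $data['NewPassword2'])` uses a loose comparison, which PHP evaluates numerically when both strings look numeric, so the confirmation check should be `===`. doChangePassword and the constructor both start and end outside the hunks shown.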