BUG If BackURL set, validation errors send the user to wrong place.
If there are validation errors in the ChangePasswordForm, the user
is taken to the BackURL because redirectBack() will go there if
it's set.

Instead of this, just redirect back to the "changepassword" action
on the Security controller.
Sean Harvey committed Jun 7, 2013
1 parent 53115d9 commit 83bff54
Showing 1 changed file with 12 additions and 5 deletions.
17 changes: 12 additions & 5 deletions security/ChangePasswordForm.php
@@ -25,7 +25,7 @@ public function __construct($controller, $name, $fields = null, $actions = null)
} else {
$backURL = Session::get('BackURL');
}

if(!$fields) {
$fields = new FieldList();

@@ -67,7 +67,8 @@ public function doChangePassword(array $data) {
_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"),
"bad"
);
$this->controller->redirectBack();
// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
$this->controller->redirect($this->controller->Link('changepassword'));
return;
}
}
@@ -91,7 +92,9 @@ public function doChangePassword(array $data) {
$this->sessionMessage(
_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"),
"bad");
$this->controller->redirectBack();

// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
$this->controller->redirect($this->controller->Link('changepassword'));
return;
}
else if($data['NewPassword1'] == $data['NewPassword2']) {
@@ -127,15 +130,19 @@ public function doChangePassword(array $data) {
),
"bad"
);
$this->controller->redirectBack();

// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
$this->controller->redirect($this->controller->Link('changepassword'));
}

} else {
$this->clearMessage();
$this->sessionMessage(
_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"),
"bad");
$this->controller->redirectBack();

// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
$this->controller->redirect($this->controller->Link('changepassword'));
}
}
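Review bot: The confirmation check kept as context in the third hunk, `else if($data['NewPassword1'] == $data['NewPassword2'])`, uses loose comparison, so two different numeric-looking strings (PHP evaluates `'1e3' == '1000'` as true) are treated as matching instead of reaching the "entered your new password differently" error; `else if($data['NewPassword1'] === $data['NewPassword2']) {` compares the submitted strings exactly. On the new redirects themselves, `$this->controller->redirect($this->controller->Link('changepassword'));` and its comment are repeated four times with the action name hard-coded, which presumably assumes the form's controller is always the Security controller; a small private method on the form would keep that assumption in one place. doChangePassword starts and ends outside the visible hunks, so what is done with the two values after the comparison cannot be checked from here.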
