View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0013060 | mantisbt | authentication | public | 2011-06-07 09:37 | 2014-09-23 18:05 |
Reporter | Lapinkiller | Assigned To | dregad | ||
Priority | normal | Severity | major | Reproducibility | sometimes |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.5 | ||||
Target Version | 1.2.9 | Fixed in Version | 1.2.9 | ||
Summary | 0013060: links from excel to mantis | ||||
Description | Hi, In a excel file (office 2003) i have links to bugs, attachments etc... If I'm not authenticated on mantis, Mantis ask me to authenticate, and redirect me to the link (as a bug or an attachment). If I click on a second link (I'm still authenticated, I'm redirected to view page instead of the bug or the attachment... I can see, the url is modified ( {mantisurl}/view.php?bug_id=1 to {mantisurl}/login_page.php?return={mantisurl}/view.php?bug_id=1 ) I tried with and without options : "remember me" & "secure session" and still have the problem... But sometimes there is no problem... | ||||
Additional Information | tried on | ||||
Tags | patch | ||||
Attached Files | return-parameter-is-ignored-when-already-auth.patch (1,450 bytes)
From 6d28cf5925bdb86d4b26e1ce866d3f1d01aa3948 Mon Sep 17 00:00:00 2001 From: Lapinkiller <lapinkiller@hotmail.fr> Date: Fri, 10 Jun 2011 13:23:41 +0200 Subject: [PATCH] login_page.php return parameter is ignored, when already logged in mantis#13065 ; mantis#13060 --- login_page.php | 16 ++++++++++++---- 1 files changed, 12 insertions(+), 4 deletions(-) diff --git a/login_page.php b/login_page.php index cb7db04..0efa988 100644 --- a/login_page.php +++ b/login_page.php @@ -28,10 +28,6 @@ */ require_once( 'core.php' ); - if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) { - print_header_redirect( config_get( 'default_home_page' ) ); - } - $f_error = gpc_get_bool( 'error' ); $f_cookie_error = gpc_get_bool( 'cookie_error' ); $f_return = string_sanitize_url( gpc_get_string( 'return', '' ) ); @@ -42,6 +38,18 @@ $t_session_validation = ( ON == config_get_global( 'session_validation' ) ); + //If user is already authenticated and if it isn't anonymous + if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) { + + if($f_return !== ''){//If return URL is specified + print_header_redirect( $f_return ); + }else{ + print_header_redirect( config_get( 'default_home_page' ) ); + } + } + + + # Check for automatic logon methods where we want the logon to just be handled by login.php if ( auth_automatic_logon_bypass_form() ) { $t_uri = "login.php"; -- 1.7.4.msysgit.0 return-parameter-is-ignored-when-already-auth.patch-2.txt (1,470 bytes)
From 6d28cf5925bdb86d4b26e1ce866d3f1d01aa3948 Mon Sep 17 00:00:00 2001 From: Lapinkiller <lapinkiller@hotmail.fr> Date: Fri, 10 Jun 2011 13:23:41 +0200 Subject: [PATCH] login_page.php return parameter is ignored, when already logged in mantis#13065 ; mantis#13060 --- login_page.php | 16 ++++++++++++---- 1 files changed, 12 insertions(+), 4 deletions(-) diff --git a/login_page.php b/login_page.php index cb7db04..0efa988 100644 --- a/login_page.php +++ b/login_page.php @@ -28,10 +28,6 @@ */ require_once( 'core.php' ); - if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) { - print_header_redirect( config_get( 'default_home_page' ) ); - } - $f_error = gpc_get_bool( 'error' ); $f_cookie_error = gpc_get_bool( 'cookie_error' ); $f_return = string_sanitize_url( gpc_get_string( 'return', '' ) ); @@ -42,6 +38,18 @@ $t_session_validation = ( ON == config_get_global( 'session_validation' ) ); + //If user is already authenticated and if it isn't anonymous + if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) { + + if($f_return !== ''){//If return URL is specified + print_header_redirect( $f_return, false, false, true ); + }else{ + print_header_redirect( config_get( 'default_home_page' ) ); + } + } + + + # Check for automatic logon methods where we want the logon to just be handled by login.php if ( auth_automatic_logon_bypass_form() ) { $t_uri = "login.php"; -- 1.7.4.msysgit.0 | ||||
I've found that if I paste a link to a bug id into eg a mail document, the link works fine. |
|
If the solution is found, please post also to the forum |
|
i have investigate : when the link is open via Excel, Mantis doesn't see the cookie MANTIS_COOKIE_STRING ... but it exists... about the hidden cookie : http://stackoverflow.com/questions/1299632/using-a-query-string-in-an-excel-hyperlink-to-an-asp-net-web-application Why mantis try to get cookie and not try to get php session ??? (with a flag in session that confirm we are authenticated) |
|
patch attached ! |
|
no feedack about my patch ? |
|
@Lapinkiller: sorry for the lack of feedback. Could you submit a pull request on GitHub ? That should be more visible ... |
|
I installed your patch in Mantis 1.2.8, but unfortunately it does not resolve the issue. Now all links clicked in an external application (Excel, Word, desktop URL shortcuts etc) go to this URL: http://mantis.my.domain.com/mantis//mantis/view.php?id=123 instead to http://mantis.my.domain.com/mantis/view.php?id=123 Can you help? |
|
@rombert, as i said on another bug, i cannot do easily pull request due to the proxy @funta222 it's seems, there is a bug when mantis is not installed at the root of the domain... my patch use mantis core functions et variable... it just use the variable $f_return instead of go ignoring it and go to home page... i have reproduced the problem and i have found a solution : EDIT 1 : in login_page.php, on lines if($f_return !== ''){//If return URL is specified => replace with i will submit a new patch ;) EDIT 2 : |
|
Hi Lapinkiller, Thanks! Finally i can use this |
|
I was not able to reproduce the error you describe myself, but I'll take your word for it, considering that it was confirmed by other users. Many thanks for the patch ! I have applied it with some minor changes to 1.2.x and master |
|
Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch |
|
MantisBT: master 6a9adc66 2011-06-10 00:23 Details Diff |
login_page.php return param is ignored when already logged in This prevents proper behavior when links to bugs are used from an external application after the initial authentication Fixes 0013060 Aligned form variables initialization for better code readability Signed-off-by: Damien Regad <damien.regad@merckgroup.com> |
Affected Issues 0013060 |
|
mod - login_page.php | Diff File | ||
MantisBT: master-1.2.x bbebc4e3 2011-06-10 00:23 Details Diff |
login_page.php return param is ignored when already logged in This prevents proper behavior when links to bugs are used from an external application after the initial authentication Fixes 0013060 Aligned form variables initialization for better code readability Signed-off-by: Damien Regad <damien.regad@merckgroup.com> |
Affected Issues 0013060 |
|
mod - login_page.php | Diff File | ||
MantisBT: master 453e7d8f 2011-11-24 10:16 Details Diff |
Fix syntax error Introduced in 6a9adc66ba7c27f0f68d02922bd59cfa1a8763f9, forgot to git add before commit... Fixes 0013060 |
Affected Issues 0013060 |
|
mod - login_page.php | Diff File | ||
MantisBT: master-1.2.x 5d1febbe 2011-11-24 10:16 Details Diff |
Fix syntax error Introduced in bbebc4e3666eabe91938bcd9251933568a7aa031, forgot to git add before commit... Fixes 0013060 |
Affected Issues 0013060 |
|
mod - login_page.php | Diff File |