From 076f0e00a75c76dbd2f102d1a1fe4ea7b0c953cf Mon Sep 17 00:00:00 2001
From: Molkobain
Date: Sun, 18 Jul 2021 22:58:33 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B04178=20-=20Stay=20on=20the=20same=20page?= =?UTF-8?q?=20when=20logging=20again=20from=20the=20"Login=20again"=20prom?= =?UTF-8?q?pt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 js/pages/backoffice/on-ready.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/js/pages/backoffice/on-ready.js b/js/pages/backoffice/on-ready.js
index 93949c2f6..fb78465fe 100644
--- a/js/pages/backoffice/on-ready.js
+++ b/js/pages/backoffice/on-ready.js
@@ -15,7 +15,7 @@ $(document).ready(function () {
 });
 // - Error messages regarding the error code
 $(document).ajaxError(function (event, jqxhr, options) {
- // User is not logged ing
+ // User is not logged in
 if (jqxhr.status == 401) {
 const oUserDisconnectedDialog = $('#ibo-user-disconnected-dialog');
 // Create dialog widget if not already instantiated
@@ -32,7 +32,14 @@ $(document).ready(function () {
 {
 text: Dict.S('UI:LoginAgain'),
 click: function () {
- window.location.href = GetAbsoluteUrlAppRoot()+'pages/UI.php'
+ try {
+ // Try to reload the page so the login form redirects on the current page automatically
+ // Note: We don't use window.location.reload() as it could be a potential vulnerability. Indeed, if the previous page was a login form, the data would be posted as-is again without prompting the user, auto-logging them, which would give access to the foe.
+ window.location.href = CombodoGlobalToolbox.AddParameterToUrl(window.location.href, 'login_again', Date.now());
+ } catch (oError) {
+ // In case of exception, redirect to the login page
+ window.location.href = GetAbsoluteUrlAppRoot()+'pages/UI.php';
+ }
 }
 },
 {
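Review bot: In the second hunk the new `click` handler passes the whole of `window.location.href`, including any `#fragment` and any `login_again` left from an earlier re-login, to `CombodoGlobalToolbox.AddParameterToUrl`, and nothing visible here shows how that helper treats either. If it appends after the fragment, the assignment would change only the hash and the browser would not reload, leaving the expired page on screen; if it does not replace an existing key, the parameter piles up on each re-login. Both are worth confirming in the helper, and the comment should say whether `login_again` is read by the server or only makes the URL differ. The long security note would be easier to audit if wrapped and reduced to the property the code relies on, for example `// A GET navigation never resubmits a previous POST body (e.g. login credentials), unlike location.reload()`. The handler belongs to a dialog definition that starts and ends outside the hunk.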