WebGUI - login to system strips arguments from URL - Content Management System Website - CMS - Open Source Content Management System Website - Website System - Content Management System (CMS) | Open Source Content Management Software | Application Framework | WebGUI - Content Management System Website | CMS | WebGUI | Open Source Content Management System Website

Username Password

Home Features Sightings Download Partners Community

Community Support
Wiki
Forums
Report A Bug
Request Features
WebGUI 8
WebGUI TV
Marketplace
Calendar
webGUI in the news
Karma
API Docs
Roadmap
the people behind wg
webgui worldwide
Mascot
wallpapers
Stats
powered by icons

View All Tickets

Issue

Background: Issue 9878.

Problem: We have run into a situation where we are passing arguments through the url address to a page that then requires the user to login.

i.e. http://happysite.com/donatemoney?motivation=12345

The login is through the LoginToggle macro. We have confirmed that the URL.pm module intentionally strips off the argurments if any are passed with a url address after the user is logged in. The result is that passed arguments on a url are stripped after login occurs.

i.e. Now becomes: http://happysite.com/donatemoney

In the 9878 issue, I had asked if this was considered a bug by PlainBlack, but was directed to make the decision myself. Based on that feedback, I am filing this as a bug, since our clients are reporting this as a bug to us given the set up of their pages.

The client has a store that they set up, and we pass a stockcode as an argument on the url address to another page. If the client logs in or is forced to login using the LoginToggle macro, the argument is stripped from the url and the resulting call comes back in error since the critical piece of information that we pass to our API call was in the url argument.

We have a local patch for this, but would like to see this fixed in WebGUI stable version.

Thanks!

Jon

We are running webgui version 7.4 on linux.

Comments

perlDreamer 5/19/2009 12:05 pm	So what happens if someone passes in the URL parameters ?func=purgeList;assetId=PBasset000000000000001 I don't think this is a bug, or a good idea.
preaction 6/8/2009 10:52 am	If this is in custom code, you should use $self->session->privilege->noAccess instead of $self->session->privilege->insufficient to show an error message for users that are not logged in. Then, when the user fills in the login form, they are taken to the correct URL they initially requested.
preaction 6/8/2009 10:54 am	(I should say, with the query parameters intact)
perlDreamer 6/8/2009 3:18 pm	Moved this into the RFE board.

Details

Ticket Status	Pending
Rating
Submitted By	jdrockho
Date Submitted	2009-03-16
Assigned To	unassigned
Date Assigned	2010-07-31
Assigned By
What to improve?
URL	bugs/tracker/9959

Karma

Difficulty	1
Karma So Far	0
Karma Rank	0.00

Keywords

Ticket History

3/16/2009
6:52 PM

Ticket created

jdrockho