Decided we didn't need to keep the token secret in the

[quix0rs-gnu-social.git] / index.php

diff --git a/index.php b/index.php
index 997ee6197f27a1b55e222dc932def5f24a4dbd79..b5edc0f947b4e2c0ddb9d1e92a282e64db8db00d 100644 (file)
--- a/index.php
+++ b/index.php
@@ -29,7 +29,7 @@
  * @author   Robin Millette <millette@controlyourself.ca>
  * @author   Sarven Capadisli <csarven@controlyourself.ca>
  * @author   Tom Adams <tom@holizz.com>
- * 
+ *
  * @license  GNU Affero General Public License http://www.gnu.org/licenses/
  */
 
@@ -278,6 +278,20 @@ function main()
         && !preg_match('/rss$/', $action)
         && !preg_match('/^Api/', $action)
     ) {
+        // set returnto
+        $rargs =& common_copy_args($args);
+        unset($rargs['action']);
+        if (common_config('site', 'fancy')) {
+            unset($rargs['p']);
+        }
+        if (array_key_exists('submit', $rargs)) {
+            unset($rargs['submit']);
+        }
+        foreach (array_keys($_COOKIE) as $cookie) {
+            unset($rargs[$cookie]);
+        }
+        common_set_returnto(common_local_url($action, $rargs));
+
         common_redirect(common_local_url('login'));
         return;
     }