Merge in Phergie changes

[quix0rs-gnu-social.git] / plugins / OpenID / openidserver.php

diff --git a/plugins/OpenID/openidserver.php b/plugins/OpenID/openidserver.php
index 0e16881c5fa62706b4b62c875b8d118024ac92f5..b2cf1f8ac35fc3bed4351b7ec508a90ba99f6d31 100644 (file)
--- a/plugins/OpenID/openidserver.php
+++ b/plugins/OpenID/openidserver.php
@@ -71,7 +71,11 @@ class OpenidserverAction extends Action
                     //cannot prompt the user to login in immediate mode, so answer false
                     $response = $this->generateDenyResponse($request);
                 }else{
-                    /* Go log in, and then come back. */
+                    // Go log in, and then come back.
+                    //
+                    // Note: 303 redirect rather than 307 to avoid
+                    // prompting user for form resubmission if we
+                    // were POSTed here.
                     common_set_returnto($_SERVER['REQUEST_URI']);
                     common_redirect(common_local_url('login'), 303);
                     return;
@@ -92,7 +96,12 @@ class OpenidserverAction extends Action
                         $this->oserver->encodeResponse($denyResponse); //sign the response
                         $_SESSION['openid_allow_url'] = $allowResponse->encodeToUrl();
                         $_SESSION['openid_deny_url'] = $denyResponse->encodeToUrl();
-                        //ask the user to trust this trust root
+
+                        // Ask the user to trust this trust root...
+                        //
+                        // Note: 303 redirect rather than 307 to avoid
+                        // prompting user for form resubmission if we
+                        // were POSTed here.
                         common_redirect(common_local_url('openidtrust'), 303);
                         return;
                     }