From: Evan Prodromou <evan@status.net>
Date: Mon, 11 Jan 2010 08:40:22 +0000 (+0000)
Subject: inject session before redirect for login
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=5ec25a9691cac0f7bfa02fb2f6237f91fc1a2e82;hp=ae7469a127a3d95237085335b46077460c536814;p=quix0rs-gnu-social.git

inject session before redirect for login
---

diff --git a/actions/login.php b/actions/login.php
index 9c47d88b14..8ea3c800b7 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -103,6 +103,15 @@ class LoginAction extends Action
         // CSRF protection - token set in NoticeForm
         $token = $this->trimmed('token');
         if (!$token || $token != common_session_token()) {
+	    $st = common_session_token();
+	    if (empty($token)) {
+		common_log(LOG_WARNING, 'No token provided by client.');
+	    } else if (empty($st)) {
+		common_log(LOG_WARNING, 'No session token stored.');
+	    } else {
+		common_log(LOG_WARNING, 'Token = ' . $token . ' and session token = ' . $st);
+	    }
+
             $this->clientError(_('There was a problem with your session token. '.
                                  'Try again, please.'));
             return;
@@ -135,6 +144,7 @@ class LoginAction extends Action
         if ($url) {
             // We don't have to return to it again
             common_set_returnto(null);
+	    $url = common_inject_session($url);
         } else {
             $url = common_local_url('all',
                                     array('nickname' =>