Contrib.social

Accessing a link with a destination parameter

Open on Drupal.org β†’
Created on 16 April 2024, 12 months ago

Problem/Motivation

When a user with a "destination" parameter in their access link logs in, they are redirected to that "destination" directly instead of the intended link.

Steps to reproduce

  1. Logout
  2. Go to a link with a destination parameter, for example: /node/add/article?destination=/
  3. Login as a user with access.
  4. Got redirected to the front page instead of the Article creation page (and then the front page after submission of the form) as intended.

Proposed resolution

URL-encode the given destination parameter, so it is not used directly.

πŸ› Bug report
Status

Active

Version

2.2

Component

Code

Created by

πŸ‡¨πŸ‡¦Canada samalander

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @samalander
  • First commit to issue fork.
  • Comment 5 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States tommyk

    I'm not sure if this is the right approach, but if we add a condition to check if there was an existing destination parameter, we can keep it and it will be URL-encoded so that it comes through well.

  • Comment 5 months ago β†’
    πŸ‡¨πŸ‡¦Canada samalander

    Sounds like it would take care of the problem.

    But maybe all URL parameters should be URL-encoded, so they get passed to the right place; not just destination. In my case, destination was causing issue, but other parameters could cause other kinds of problems.

  • Comment 5 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States tommyk

    I'm not really familiar with this module, just exploring it before I decide to use it. It seems to me that any other existing query string is concatenated into the $destination variable that I wrapped in urlencode(). See: https://git.drupalcode.org/issue/r4032login-3441317/-/blob/2.2.x/src/Eve...

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024