flash[:notice] = t("users.new.terms declined", :url => t("users.new.terms declined url")).html_safe if current_user.save
if params[:referer]
- redirect_to params[:referer]
+ redirect_to safe_referer(params[:referer])
else
redirect_to :action => :account, :display_name => current_user.display_name
end
end
if params[:referer]
- redirect_to params[:referer]
+ redirect_to safe_referer(params[:referer])
else
redirect_to :action => :account, :display_name => current_user.display_name
end
def new
@title = t "users.new.title"
- @referer = params[:referer] || session[:referer]
+ @referer = if params[:referer]
+ safe_referer(params[:referer])
+ else
+ session[:referer]
+ end
append_content_security_policy_directives(
:form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
self.current_user = User.new(user_params)
if check_signup_allowed(current_user.email)
- session[:referer] = params[:referer]
+ session[:referer] = safe_referer(params[:referer]) if params[:referer]
+
+ Rails.logger.info "create: #{session[:referer]}"
current_user.status = "pending"
end
def login
- session[:referer] = params[:referer] if params[:referer]
+ session[:referer] = safe_referer(params[:referer]) if params[:referer]
if params[:username].present? && params[:password].present?
session[:remember_me] ||= params[:remember_me]
session.delete(:user)
session_expires_automatically
if params[:referer]
- redirect_to params[:referer]
+ redirect_to safe_referer(params[:referer])
else
redirect_to :controller => "site", :action => "index"
end
user.email_valid = true
flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
user.save!
- referer = token.referer
+ referer = safe_referer(token.referer) if token.referer
token.destroy
if session[:token]
gravatar_enabled = gravatar_enable(current_user)
if current_user.save
flash[:notice] = if gravatar_enabled
- t("users.confirm_email.success") + " " + gravatar_status_message(current_user)
+ "#{t('users.confirm_email.success')} #{gravatar_status_message(current_user)}"
else
t("users.confirm_email.success")
end
##
# omniauth failure callback
def auth_failure
- flash[:error] = t("users.auth_failure." + params[:message])
+ flash[:error] = t("users.auth_failure.#{params[:message]}")
redirect_to params[:origin] || login_url
end
if referer.nil?
params[:origin] = request.path
else
- params[:origin] = request.path + "?referer=" + CGI.escape(referer)
+ params[:origin] = "#{request.path}?referer=#{CGI.escape(referer)}"
params[:referer] = referer
end
projects / rails.git / blobdiff