From 327ed5b87e492380bc651ed03159ae7cd3a4a493 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 14 Jun 2010 15:51:49 -0400 Subject: [PATCH 1/2] fix URL regex for tags to use UTF-8 --- lib/router.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/router.php b/lib/router.php index f2b2b845f2..fec229c9b6 100644 --- a/lib/router.php +++ b/lib/router.php @@ -263,7 +263,7 @@ class Router $m->connect('tag', array('action' => 'publictagcloud')); $m->connect('tag/:tag/rss', array('action' => 'tagrss'), - array('tag' => '[a-zA-Z0-9]+')); + array('tag' => '[\pL\pN_\-\.]{1,64}')); $m->connect('tag/:tag', array('action' => 'tag'), array('tag' => '[\pL\pN_\-\.]{1,64}')); @@ -749,12 +749,12 @@ class Router $m->connect('tag/:tag/rss', array('action' => 'userrss', 'nickname' => $nickname), - array('tag' => '[a-zA-Z0-9]+')); + array('tag' => '[\pL\pN_\-\.]{1,64}')); $m->connect('tag/:tag', array('action' => 'showstream', 'nickname' => $nickname), - array('tag' => '[a-zA-Z0-9]+')); + array('tag' => '[\pL\pN_\-\.]{1,64}')); $m->connect('rsd.xml', array('action' => 'rsd', @@ -815,12 +815,12 @@ class Router $m->connect(':nickname/tag/:tag/rss', array('action' => 'userrss'), array('nickname' => '[a-zA-Z0-9]{1,64}'), - array('tag' => '[a-zA-Z0-9]+')); + array('tag' => '[\pL\pN_\-\.]{1,64}')); $m->connect(':nickname/tag/:tag', array('action' => 'showstream'), array('nickname' => '[a-zA-Z0-9]{1,64}'), - array('tag' => '[a-zA-Z0-9]+')); + array('tag' => '[\pL\pN_\-\.]{1,64}')); $m->connect(':nickname/rsd.xml', array('action' => 'rsd'), From ce7176d9878e298cd1ed5bc44e97aca5a4a6bc81 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Wed, 16 Jun 2010 12:30:37 -0700 Subject: [PATCH 2/2] Switch OpenID server's redirects from 307 to 303 to avoid prompt for form data resubmission if we were sent here from a POST request, such as when verifying the site for the first time doing an OpenID login from Drupal. --- plugins/OpenID/openidserver.php | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/plugins/OpenID/openidserver.php b/plugins/OpenID/openidserver.php index afbca553f5..2a414c4873 100644 --- a/plugins/OpenID/openidserver.php +++ b/plugins/OpenID/openidserver.php @@ -69,9 +69,13 @@ class OpenidserverAction extends Action //cannot prompt the user to login in immediate mode, so answer false $response = $this->generateDenyResponse($request); }else{ - /* Go log in, and then come back. */ + // Go log in, and then come back. + // + // Note: 303 redirect rather than 307 to avoid + // prompting user for form resubmission if we + // were POSTed here. common_set_returnto($_SERVER['REQUEST_URI']); - common_redirect(common_local_url('login')); + common_redirect(common_local_url('login'), 303); return; } }else if(common_profile_url($user->nickname) == $request->identity || $request->idSelect()){ @@ -90,8 +94,13 @@ class OpenidserverAction extends Action $this->oserver->encodeResponse($denyResponse); //sign the response $_SESSION['openid_allow_url'] = $allowResponse->encodeToUrl(); $_SESSION['openid_deny_url'] = $denyResponse->encodeToUrl(); - //ask the user to trust this trust root - common_redirect(common_local_url('openidtrust')); + + // Ask the user to trust this trust root... + // + // Note: 303 redirect rather than 307 to avoid + // prompting user for form resubmission if we + // were POSTed here. + common_redirect(common_local_url('openidtrust'), 303); return; } }else{