Topic: Redirect, POST, GET, and the back button

After doing a little searching, I see that one of the major reasons for doing the little <meta http-equiv...> redirect thing is for the user to get a sense of "it actually happened", but perhaps more importantly, to convert a POST request to the redirecting page to a GET request of the page to which they're redirected. Unfortunately, if you set the delay to 0, that's not what's supposed to happen when PHP sends its usual 302 error code for a "Location: ..." header. So this is really two bugs: The Location header must be an absolute URL, and the 302 response really ought to be a 303.

So if you go into functions.php, in the neighbourhood of line 825 or so, replace the distributed redirect code with the following:

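        // 303 tells the browser to fetch the target with GET after a POST
        header('HTTP/1.1 303 See Other');
        // Absolute URL; undo the HTML escaping of '&' before it goes into a header
        header('Location: '.$pun_config['o_base_url'].'/'.str_replace('&amp;', '&', $destination_url));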

Additionally, since we really "SHOULD provide a short hypertext note" and the new <meta> would be redundant, just get rid of the "exit;", introduce an if statement, and some curly braces around the <meta>:

    if ($pun_config['o_redirect_delay'] != '0') {
?>
<meta http-equiv="refresh" content="<?php echo $pun_config['o_redirect_delay'] ?>;URL=<?php echo str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $destination_url) ?>" />
<?php } ?>

Unfortunately, this has a side effect of breaking logins. So to fix that, I went into login.php and replaced that one huge long line around line 200 that assigns $redirect_url with the following:

    // decide where to return to
    $redirect_url = '';
    if (isset($_SERVER['HTTP_REFERER'])) {
        $phpfile = null;
        // If the referer starts with the forum's base URL, preg_match() returns 1
        // and $phpfile[1] holds the script name plus any query string.
        // '#' is passed to preg_quote() because it is the pattern delimiter.
        $inforum = preg_match('#^'.preg_quote($pun_config['o_base_url'], '#').'/(.*?\.php(?:\?.*)?)$#i', $_SERVER['HTTP_REFERER'], $phpfile);
        // Inside the forum: use the captured URL; otherwise leave it empty
        $redirect_url = $inforum ? $phpfile[1] : '';
    }

It is tested and works properly.

Note that I can't give exact line numbers since I'm working off of a rather modified version of PunBB.
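
The following is an added example, not code from the post above or from PunBB. It puts the two ideas together as standalone functions: the Referer is accepted only when it points inside the forum, and the redirect is a 303 with an absolute Location. The function names and sample URLs are hypothetical, and the pattern is stricter than the one in the post (it also rejects CR/LF and sub-paths).

```php
<?php
// Added example, not PunBB code; function names and sample URLs are hypothetical.

// Return the forum-relative script (plus query string) named by a Referer
// header, or '' when the referer is absent or points outside the forum.
function return_path_from_referer(string $base_url, ?string $referer): string
{
    if ($referer === null || preg_match('/[\r\n]/', $referer)) {
        return ''; // no referer, or line breaks that must never reach header()
    }
    // The base URL is quoted, anchored, and must be followed by '/', so a
    // lookalike prefix such as ".../punbb.evil.test/" cannot match.
    $pattern = '~^'.preg_quote($base_url, '~').'/([^/?#]*\.php(?:\?[^#]*)?)$~iD';
    return preg_match($pattern, $referer, $m) === 1 ? $m[1] : '';
}

// Build the status line and Location header for a POST-then-GET redirect:
// 303 See Other plus an absolute URL, as the post describes.
function redirect_headers(string $base_url, string $destination_url): array
{
    return [
        'HTTP/1.1 303 See Other',
        'Location: '.$base_url.'/'.str_replace('&amp;', '&', $destination_url),
    ];
}

$base = 'http://forum.example.test/punbb';            // constructed value
$referers = [                                         // constructed samples
    'http://forum.example.test/punbb/viewtopic.php?id=7&p=2',
    'http://forum.example.test/punbb.evil.test/x.php',
    'http://forum.example.test.evil.test/punbb/index.php',
    "http://forum.example.test/punbb/index.php\r\nX-Injected: 1",
    null,
];
foreach ($referers as $referer) {
    $path = return_path_from_referer($base, $referer);
    echo json_encode($referer, JSON_UNESCAPED_SLASHES), ' => ',
        implode(' | ', redirect_headers($base, $path)), "\n";
}
```

Only the first sample yields a path; the others fall back to the forum root.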