View Issue Details

IDProjectCategoryView StatusLast Update
0012754mantisbtotherpublic2011-03-04 07:36
Reporterfeg16 Assigned To 
PriorityhighSeveritymajorReproducibilityalways
Status newResolutionopen 
Product Version1.2.0rc2 
Summary0012754: Incorrect redirect code
Description

$t_return_page = $_SERVER['SCRIPT_NAME']; is not valid code.
Sample - root folder d:\web_manyprojects and alias isphp=d:\web

Page location - http://isphp/xMantis
On page link for "Log in" - http://isphp/xMantis/login_page.php?return=/xMantis/my_view_page.php
And after authorize, page redirected to http://isphp/xMantis/xMantis/my_view_page.php - this is incorrect

TagsNo tags attached.

Activities

feg16

feg16

2011-02-09 03:02

reporter   ~0028195

This code in html_api.php on line 503. ps sorry my english :)

sneuf

sneuf

2011-03-04 05:47

reporter   ~0028372

Same problem in 1.2.4.

If I click a bug link from mail (like http://server-test/mantis-test/view.php?id=114) with LDAP authentification and no anonymous view allowed and a user is not logged in (cached), I get an return URL with wrong redirect (like http://server-test/mantis-test/login_page.php?return=mantis-test%2Fview.php%3Fid%3D114) with gives after login wrong bug URL with twice the Mantis directory name (like http://server-test/mantis-test/mantis-test%2Fview.php%3Fid%3D114) and Error HTTP 404.

The correct redirect should be without the Mantis root name (like http://server-test/mantis-test/login_page.php?return=view.php%3Fid%3D114) to get it work.

sneuf

sneuf

2011-03-04 07:15

reporter   ~0028373

The problem seems to be that $_SERVER['QUERY_STRING'] gives the Querystring-Path from document root to redirect url.

Redirect URL is then called from mantis root, so the mantis root is twice.

sneuf

sneuf

2011-03-04 07:36

reporter   ~0028374

My problem is in access_api.php Line 88 - 90