summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/router.php10
-rw-r--r--plugins/OpenID/openidserver.php17
2 files changed, 18 insertions, 9 deletions
diff --git a/lib/router.php b/lib/router.php
index f2b2b845f..fec229c9b 100644
--- a/lib/router.php
+++ b/lib/router.php
@@ -263,7 +263,7 @@ class Router
$m->connect('tag', array('action' => 'publictagcloud'));
$m->connect('tag/:tag/rss',
array('action' => 'tagrss'),
- array('tag' => '[a-zA-Z0-9]+'));
+ array('tag' => '[\pL\pN_\-\.]{1,64}'));
$m->connect('tag/:tag',
array('action' => 'tag'),
array('tag' => '[\pL\pN_\-\.]{1,64}'));
@@ -749,12 +749,12 @@ class Router
$m->connect('tag/:tag/rss',
array('action' => 'userrss',
'nickname' => $nickname),
- array('tag' => '[a-zA-Z0-9]+'));
+ array('tag' => '[\pL\pN_\-\.]{1,64}'));
$m->connect('tag/:tag',
array('action' => 'showstream',
'nickname' => $nickname),
- array('tag' => '[a-zA-Z0-9]+'));
+ array('tag' => '[\pL\pN_\-\.]{1,64}'));
$m->connect('rsd.xml',
array('action' => 'rsd',
@@ -815,12 +815,12 @@ class Router
$m->connect(':nickname/tag/:tag/rss',
array('action' => 'userrss'),
array('nickname' => '[a-zA-Z0-9]{1,64}'),
- array('tag' => '[a-zA-Z0-9]+'));
+ array('tag' => '[\pL\pN_\-\.]{1,64}'));
$m->connect(':nickname/tag/:tag',
array('action' => 'showstream'),
array('nickname' => '[a-zA-Z0-9]{1,64}'),
- array('tag' => '[a-zA-Z0-9]+'));
+ array('tag' => '[\pL\pN_\-\.]{1,64}'));
$m->connect(':nickname/rsd.xml',
array('action' => 'rsd'),
diff --git a/plugins/OpenID/openidserver.php b/plugins/OpenID/openidserver.php
index afbca553f..2a414c487 100644
--- a/plugins/OpenID/openidserver.php
+++ b/plugins/OpenID/openidserver.php
@@ -69,9 +69,13 @@ class OpenidserverAction extends Action
//cannot prompt the user to login in immediate mode, so answer false
$response = $this->generateDenyResponse($request);
}else{
- /* Go log in, and then come back. */
+ // Go log in, and then come back.
+ //
+ // Note: 303 redirect rather than 307 to avoid
+ // prompting user for form resubmission if we
+ // were POSTed here.
common_set_returnto($_SERVER['REQUEST_URI']);
- common_redirect(common_local_url('login'));
+ common_redirect(common_local_url('login'), 303);
return;
}
}else if(common_profile_url($user->nickname) == $request->identity || $request->idSelect()){
@@ -90,8 +94,13 @@ class OpenidserverAction extends Action
$this->oserver->encodeResponse($denyResponse); //sign the response
$_SESSION['openid_allow_url'] = $allowResponse->encodeToUrl();
$_SESSION['openid_deny_url'] = $denyResponse->encodeToUrl();
- //ask the user to trust this trust root
- common_redirect(common_local_url('openidtrust'));
+
+ // Ask the user to trust this trust root...
+ //
+ // Note: 303 redirect rather than 307 to avoid
+ // prompting user for form resubmission if we
+ // were POSTed here.
+ common_redirect(common_local_url('openidtrust'), 303);
return;
}
}else{