Index: openacs-4/packages/xowiki/tcl/package-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/package-procs.tcl,v diff -u -r1.332.2.3 -r1.332.2.4 --- openacs-4/packages/xowiki/tcl/package-procs.tcl 25 Mar 2019 19:15:00 -0000 1.332.2.3 +++ openacs-4/packages/xowiki/tcl/package-procs.tcl 1 Apr 2019 15:21:26 -0000 1.332.2.4 @@ -1002,6 +1002,10 @@ set index_link [:make_link -privilege public -link "" ${:id} {} {}] set link [:query_parameter "return_url" ""] if {$link ne ""} {set back_link $link} + if {[util::external_url $link]} { + set link "" + unset back_link + } set top_includelets ""; set content $error_msg; set folderhtml "" ::xo::cc set status_code $status_code ::xo::Page requireCSS urn:ad:css:xowiki Index: openacs-4/packages/xowiki/tcl/xowiki-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/xowiki-procs.tcl,v diff -u -r1.542.2.7 -r1.542.2.8 --- openacs-4/packages/xowiki/tcl/xowiki-procs.tcl 29 Mar 2019 11:26:41 -0000 1.542.2.7 +++ openacs-4/packages/xowiki/tcl/xowiki-procs.tcl 1 Apr 2019 15:21:26 -0000 1.542.2.8 
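Review bot: In the package-procs.tcl hunk at -1002, `back_link` is first assigned from the unvalidated `return_url` and only afterwards removed with `unset back_link`. If `back_link` already held a default before this point, or is read unconditionally further down (neither is visible, as the enclosing proc starts and ends outside the hunk), an external `return_url` now leaves it undefined rather than at a safe value. Checking before assigning avoids that: `if {$link ne "" && ![util::external_url $link]} {set back_link $link}`, keeping `set link ""` for the external case if `link` is used later. A one-line comment such as `# never offer an off-site return_url as back link on the error page` would record why the value is dropped.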
@@ -1266,6 +1266,20 @@ Page instforward form_parameter {%set :package_id} %proc Page instforward exists_form_parameter {%set :package_id} %proc + Page insproc get_query_parameter_return_url {{default ""}} { + # + # Get the return_url from query parameters and check, if this is + # local. + # + set return_url [:query_parameter "return_url" $default] + if {[util::external_url $return_url]} { + ad_return_complaint 1 "Page '${:name}' non-local return_url was specified" + ad_script_abort + } + return $return_url + } + + # Page instproc init {} { # :log "--W " # ::xo::show_stack Index: openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl,v diff -u -r1.368.2.7 -r1.368.2.8 --- openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl 31 Mar 2019 11:18:00 -0000 1.368.2.7 +++ openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl 1 Apr 2019 15:21:26 -0000 1.368.2.8 @@ -392,9 +392,7 @@ } # do real deletion via package $package_id delete_revision -revision_id ${:revision_id} -item_id $item_id - # Take care about UI specific stuff.... - set redirect [:query_parameter "return_url" \ - [export_vars -base [$package_id url] {{m revisions}}]] + if {$live_revision == ${:revision_id}} { # latest revision might have changed by delete_revision, so we have to fetch here xo::dc 1row -prepare integer get_revision {select latest_revision from cr_items where item_id = :item_id} @@ -665,7 +663,7 @@ set fs_folder_id [:edit_set_file_selector_folder] if {[$package_id exists_query_parameter "return_url"]} { - set submit_link [:query_parameter "return_url" "."] + set submit_link [:get_query_parameter_return_url] set return_url $submit_link } else { # @@ -946,7 +944,7 @@ #array set __ia ${:instance_attributes} :load_values_into_form_fields $form_fields - + foreach f $form_fields {set ff([$f name]) $f } # 
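Review bot: The definer on the first added line of the xowiki-procs.tcl hunk is spelled `insproc`, while the surrounding definitions use `instproc` (`Page instproc init`), so `get_query_parameter_return_url` is probably never registered as an instance method. The call sites this commit adds in xowiki-www-procs.tcl (the hunks at -665 and -1089) would then raise an error instead of validating `return_url`. The line should read `Page instproc get_query_parameter_return_url {{default ""}} {`. The complaint text also interpolates `${:name}`; if `ad_return_complaint` renders its argument as HTML, that value should be quoted before it is embedded. The comment inside the proc could state that the request is aborted on a non-local value, since callers cannot tell that from the name.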
@@ -1089,10 +1087,11 @@ :render_form_action_buttons -CSSclass [string trim "$button_class(wym) $button_class(xinha)"] } + if {$formNode ne ""} { if {[:exists_query_parameter "return_url"]} { - set return_url [:query_parameter "return_url"] + set return_url [:get_query_parameter_return_url] } else { # # When no return_url is specified and we edit a page different @@ -1446,7 +1445,9 @@ } else { set status_code 406 foreach f $form_fields { - if {[$f error_msg] ne ""} {set error [::xo::localize [$f error_msg] 1]} + if {[$f error_msg] ne ""} { + set error [::xo::localize [$f error_msg] 1] + } } } ns_return $status_code text/html $error @@ -2229,7 +2230,7 @@ #ns_log notice "FORM_DATA var=$varname, value='$value' s=$s" #if {$varname eq "text"} {regsub -all "­" $value "" value} #ns_log notice "FORM_DATA var=$varname, value='$value'" - + if {![string match "*.*" $att]} { set :$varname $value } @@ -2537,7 +2538,7 @@ } } - + FormPage instproc load_values_into_form_fields {form_fields} { set is_new [:is_new_entry ${:name}]