Index: branches/RC/core/kernel/utility/http_query.php =================================================================== diff -u -N -r11742 -r11865 --- branches/RC/core/kernel/utility/http_query.php (.../http_query.php) (revision 11742) +++ branches/RC/core/kernel/utility/http_query.php (.../http_query.php) (revision 11865) @@ -554,19 +554,57 @@ /** * Returns all $_GET array excluding system parameters, that are not allowed to be passed through generated urls * + * @param bool $access_error Method is called during no_permission, require login, session expiration link preparation * @return Array */ - function getRedirectParams() + function getRedirectParams($access_error = false) { - $unset_vars = Array(ENV_VAR_NAME, 'rewrite', '_mod_rw_url_', 'Action'); + $unset_vars = Array (ENV_VAR_NAME, 'rewrite', '_mod_rw_url_', 'Action'); + $ret = $this->Get; - foreach ($unset_vars as $var_name) - { - if( isset($ret[$var_name]) ) unset( $ret[$var_name] ); + foreach ($unset_vars as $var_name) { + if( isset($ret[$var_name]) ) { + unset( $ret[$var_name] ); + } } + + if ($access_error) { + $ret = $this->_removePassThroughVariables($ret); + + if ($this->Application->IsAdmin()) { + // place 1 of 2 (also in UsersEventHandler::OnSessionExpire) + $ret['m_cat_id'] = 0; // category means nothing on admin login screen + $ret['m_wid'] = ''; // remove wid, otherwise parent window may add wid to its name breaking all the frameset (for targets) + $ret['pass'] = 'm'; // don't pass any other (except "m") prefixes to admin login template + } + } + return $ret; } + /** + * Removes all pass_though variables from redirect params + * + * @param Array $url_params + * @return Array + */ + function _removePassThroughVariables($url_params) + { + $pass_through = array_key_exists('pass_through', $url_params) ? $url_params['pass_through'] : ''; + if (!$pass_through) { + return $url_params; + } + + $pass_through = explode(',', $pass_through . ',pass_through'); + foreach ($pass_through as $pass_through_var) { + unset($url_params[$pass_through_var]); + } + + $url_params['no_pass_through'] = 1; // this way kApplication::HREF won't add them again + + return $url_params; + } + function writeRequestLog($filename) { $folder_path = dirname(FULL_PATH.'/'.$filename);