Item3960: %ORIGURL% not parse from TemplateLogin.pm

1) Login as a normal user (less priviledge user)

2) Click on edit to modify a topic that requires necessary credentials

3) Access Denied page is shown e.g.

http://localhost/bin/oops/TWiki/TWikiWebTopicActions?template=oopsaccessdenied;def=topic_access;param1=change;param2=access%20not%20allowed%20on%20web

4) HTML source on line 137,

136: </table>
137: <input type="hidden" name="origurl" value="%ORIGURL%" />
138: </form>

5) Nice error message called 400 BAD REQUEST

URL: http://localhost/bin/login/TWiki/%ORIGURL%?twiki_redirect_cache=8cfb2349431a8c6ea48a983a144c562f

6) But going to http://localhost/bin/view/TWiki works perfectly fine, i.e. logged in as the actual user.

Redirect from normal login works fine.

-- TWiki:Main/KwangErnLiew - 26 Apr 2007

I don't understand steps 5 or 6. Can you describe exactly what you were trying to do, and exactly what steps you used to do it? Thx.

CC

sorry for not being clear. was tired. :/

step 5 basically shows what the error message is when i input the correct username and password in step 3. step 4 is just additional information on the html source of step 3.

step 6 indicates that the user is actually logged in, but is not 'confirmed' or redirected to because of step 5. so basically, the user is actually logged in, and going to a page will show that the user is logged in, but the redirection didn't work from step 3 onwards.

hope that's clear...

-- TWiki:Main.KwangErnLiew - 27 Apr 2007

OK, did some more digging.

This issue only occurs for NatSkin. The interface doesn't exist on PatternSkin.

Can't figure out what went wrong in TemplateLogin.pm. Not elite enough and gave up.

-- TWiki:Main.KwangErnLiew - 27 Apr 2007

OK, it's a template issue. 4 templates are affected, login.classic.tmpl, login.pattern.tmpl, login.tmpl, and loginbase.nat.tmpl (NatSkin)

basically %ORIGURL% should be %=URLPARAM{"origurl"}=%

patch is attached.

-- TWiki:Main.KwangErnLiew - 27 Apr 2007

Actually, TemplateLogin.pm happily replaces ORIGURL with the correct value for me. Infact, URLPARAM{"origurl"} does not work for me even if there is an url param "origurl". Strange.

What is the value of your LoginManage for TWiki? Is it set to TemplateLogin or to none? You should only be able to get the above oops url when you set it to none. That's an ancient NatSkin interface of its own login manager from pre-dakar times. Please set the LoginManager to TemplateLogin and try again, please. If I do so I don't get that oops url. I get a http://..../login/Web/Topic?origurl url.

-- TWiki:Main.MichaelDaum - 22 May 2007

Okay, I can confirm this bug. The oops ui does not expand ORIGURL, nor is there an origurl urlparam. So the correct fix is to wrap ORIGURL into an IFDEFINED like this

input type="hidden" name="origurl" value="%IFDEFINED{"%ORIGURL%"}%" /

-- TWiki:Main.MichaelDaum - 23 May 2007

Hm, strange...

TemplateLogin is the LoginManager for me.

I've just tried out IFDEFINED and it works the same as what you have.

Am using NatSkin 3.0-pre13 and NatSkinPlugin 3.0-pre12 btw.

-- TWiki:Main.KwangErnLiew - 25 May 2007

Fixed in Item4689 and released as NatSkin-3.0-pre15

-- TWiki:Main.MichaelDaum - 21 Sep 2007