The code below in cas.module (7.x-1.6) at line 455 over writes url querystring data with the current page or current page destination in all menus.
If you wanted to have a menu item that had url of cas?destination=node/4 which displayed to anonymous users, and when clicked redirected them to cas login, and then back to node/4 on successful login, the above mentioned code prevents it.
This hook_alter changes the destination parameter of every menu links with a URL of "cas", to "cas?" plus the result of drupal_get_destintation().
drupal_get_destination() checks for a query string on the current node url via GET, it does not look at the menu item array to see if the array had a destintation set. So if the anonymous user is on node/12 with no destination, all the cas?destination menu items are changed to "cas?destination=node/12". Or if the user is on node/12?destination=node/13, the menu items are replaced with cas?destination=node/13.
I am sure there was a valid reason for this override, but it does not make sense to me to apply it to all menu items globally and disrupt the normal flow of the ?destination= query string which is present in drupal core.
If there is a need to redirect all "cas" urls in menu items somewhere on the way back, then the function should check the $item['options']['query']['destination'] is empty before replacing it in the localized options with the results of drupal_get_destination().
/**
* Implements hook_translated_menu_item_alter().
*
* Append dynamic query 'destination' to several menu items.
*/
function cas_translated_menu_link_alter(&$item) {
if (strtolower($item['href']) == 'cas') {
$item['localized_options']['query'] = drupal_get_destination();
}
elseif (strtolower($item['href']) == 'caslogout' && !variable_get('cas_logout_destination', '')) {
$item['localized_options']['query'] = drupal_get_destination();
}
}
Comment | File | Size | Author |
---|---|---|---|
#8 | destination-param-override-fix-2938995-8.patch | 1.66 KB | bkosborne |
|
Comments
Comment #2
donaldwbabcock CreditAttribution: donaldwbabcock commentededit for clarity.
Comment #3
donaldwbabcock CreditAttribution: donaldwbabcock commentededit to fix typos
Comment #4
donaldwbabcock CreditAttribution: donaldwbabcock commentedThis works, but with out understanding the "why" it was in the first place, I am hesitant to submit it as a patch.
Comment #5
donaldwbabcock CreditAttribution: donaldwbabcock commentedtypos and description update
Comment #6
bkosborneI didn't write that original code, but it seems to be there as a convenience. Basically if you had a menu item with /cas in it, the CAS module "helpfully" alters it to add a destination parameter to it to bring users back to the current page they were on when they clicked the link. Without that, the user would typically be brought back to the homepage of your site after authenticating with CAS.
Your approach generally makes sense. We should not overwrite any existing query string parameters on that menu link if they already exist. I'll write a proper patch and see if it passes the tests.
Comment #7
metzlerd CreditAttribution: metzlerd commentedYes... The behavior to alter it to make sure it goes back to the login page. I didn't write the code either, but it was probably done because we were having people manually create the "Cas login" link rather than having the module provide dynamically generated links, which would impact caching i guess. Making it only override when destination is not already set does seem like the correct behavior, as long as it doesn't change the behavior of allowing logins to return to the page the user was on when clicking the cas login link.
Comment #8
bkosborne@donaldwbabcock, please try this patch.
Comment #10
bkosborneI think this is good to commit, doesn't look like I'll get a review. I want to get an annoying UI fix that's currently in dev release, so will create a new release soon.
Comment #11
donaldwbabcock CreditAttribution: donaldwbabcock commentedThis is committed and released in 7.x-1.7, so I'm a little late, but I pushed 7.x-1.7 to my dev environment today, and it works. Thanks.