Relationship action forms should respect destination query

Thanks but don't you think someone could craft a URL that requests to approve a relationship and insert a destination to a phishing site?

Yep it will redirect to whatever is given, hence my concern. So it seems risky to include it in UR due to the potential of misuse.

The #2 is what I was thinking about... but you're right, submit and cancel should both respect destination if one does so. (for that matter, it would have been better to use a submit for cancel, not a link, perhaps I should modify it this way)

subscribing

I'm not sure what this "destination query" is, but currently users are always redirected to relationships/requests whether they approve, deny, cancel or say no in the AJAX form. Only when I add a relationship from user's profile, then it stays on the same page and prints a message that my request has been sent.

Hello,

Is there a chance of this patch being committed? or will there be further development?
I would like to set the URL to a specific page when users click cancel from the approve/remove page, but it currently leads to relationships/requests

Thank you!

+1 subscribing

Hello,

I am getting the below when trying to test the patch:

can't find file to patch at input line 8
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: user_relationships_ui.forms.inc
|===================================================================
|RCS file: /cvs/drupal-contrib/contributions/modules/user_relationships/user_relationships_ui/Attic/user_relationships_ui.forms.inc,v
|retrieving revision 1.1.2.12
|diff -u -p -r1.1.2.12 user_relationships_ui.forms.inc
|--- user_relationships_ui.forms.inc	14 May 2009 09:53:11 -0000	1.1.2.12
|+++ user_relationships_ui.forms.inc	12 Jun 2009 16:18:45 -0000

I'm re-rolling the original patch so it applies smoothly.
Tested and it works great! Thanks for the work elliotttf

tested this and it fixed the destination query issue
+1 for commit

Alex - could you please check this out and commit? It helps greatly to fix the destination query issue for customized sites.

Committed in http://drupal.org/cvs?commit=420344, thanks all.

thanks Alex the wave of commits!

Sorry to reopen but the previous fix only covers Approve, Disapprove and Cancel actions. Destination query should also be respected in Remove action, and (but I'm less sure of that) Request action, thus all actions will act in a consistent way.

It proves useful when using UR actions from somewhere else than the standard pages (in views for example) and no ajax is used.

Attached a patch that make the Remove action respect destination query. Should it be the same for Request action? What do you think?

After looking more closely at the code I think Request action should respect destination query too. Patch attached.

Tagging to remind myself to take a look later.

Committed to 6.x-1.x. Looks like this portion is missing from 7.x as well.

Yep. Commited.

The destination setting does not work for the cancel button with URL's that contain encodable characters. For example, if you set destination=user/somepage?var=1, the submit works correctly, but the cancel link takes you to user/somepage%3Fvar%3D1 which of course doesn't work.