Do not redirect to protected pages after logout (see contao#6210)

ralfhartmann · Oct 2, 2013 · 2a1e77e · 2a1e77e
1 parent eb93663
commit 2a1e77e
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 10 deletions.
diff --git a/system/docs/CHANGELOG.md b/system/docs/CHANGELOG.md
@@ -4,6 +4,9 @@ Contao Open Source CMS Changelog
 Version 3.1.3 (2013-XX-XX)
 --------------------------
 
+### Fixed
+Do not redirect to protected pages after logout (see #6210).
+
 ### Fixed
 Consider the additional arguments in `Frontend::jumpToOrReload()` (see #5734).
 

diff --git a/system/modules/core/modules/ModuleLogin.php b/system/modules/core/modules/ModuleLogin.php
@@ -127,18 +127,18 @@ public function generate()
 			global $objPage;
 
 			$this->import('FrontendUser', 'User');
-			$strRedirect = \Environment::get('request');
+			$strRedirect = \Environment::get(($objPage->protected ? 'base' : 'request'));
 
 			// Redirect to last page visited
 			if ($this->redirectBack && strlen($_SESSION['LAST_PAGE_VISITED']))
 			{
-				$strRedirect = $_SESSION['LAST_PAGE_VISITED'];
-			}
+				$objLastPage = \PageModel::findByIdOrAlias($this->getPageIdFromUrl($_SESSION['LAST_PAGE_VISITED']));
 
-			// Redirect home if the page is protected
-			elseif ($objPage->protected)
-			{
-				$strRedirect = \Environment::get('base');
+				// Check whether the page is protected (see #6210)
+				if ($objLastPage !== null && !$objLastPage->protected)
+				{
+					$strRedirect = $_SESSION['LAST_PAGE_VISITED'];
+				}
 			}
 
 			// Logout and redirect

diff --git a/system/modules/core/modules/ModuleLogout.php b/system/modules/core/modules/ModuleLogout.php
@@ -61,16 +61,25 @@ public function generate()
 		}
 
 		$this->import('FrontendUser', 'User');
+
+		$blnUseJumpTo = ($this->jumpTo > 0);
 		$strRedirect = \Environment::get('base');
 
 		// Redirect to last page visited
 		if ($this->redirectBack && !empty($_SESSION['LAST_PAGE_VISITED']))
 		{
-			$strRedirect = $_SESSION['LAST_PAGE_VISITED'];
+			$objLastPage = \PageModel::findByIdOrAlias($this->getPageIdFromUrl($_SESSION['LAST_PAGE_VISITED']));
+
+			// Check whether the page is protected (see #6210)
+			if ($objLastPage !== null && !$objLastPage->protected)
+			{
+				$blnUseJumpTo = false;
+				$strRedirect = $_SESSION['LAST_PAGE_VISITED'];
+			}
 		}
 
-		// Redirect to jumpTo page
-		elseif ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null)
+		// Redirect to the jumpTo page
+		if ($blnUseJumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null)
 		{
 			$strRedirect = $this->generateFrontendUrl($objTarget->row());
 		}