From 4fda5ccd0e248750f68b4a9802044d02f84eb7cc Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Thu, 4 Mar 2021 13:40:54 +0300
Subject: [PATCH] fix a bunch of bookmarklets login forms not leading back

---
 classes/handler/public.php     | 5 ++++-
 include/functions.php          | 8 ++++++++
 include/login_form.php         | 2 +-
 plugins/auth_internal/init.php | 2 +-
 plugins/bookmarklets/init.php  | 8 +++++---
 5 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/classes/handler/public.php b/classes/handler/public.php
index 0e82b6469..15ea01103 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -834,9 +834,12 @@ class Handler_Public extends Handler {
 		}
 	}
 
-	static function _render_login_form() {
+	static function _render_login_form(string $return_to = "") {
 		header('Cache-Control: public');
 
+		if ($return_to)
+			$_REQUEST['return'] = $return_to;
+
 		require_once "login_form.php";
 		exit;
 	}
diff --git a/include/functions.php b/include/functions.php
index 5e75439cf..73d963803 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -236,6 +236,14 @@
 		}
 	}
 
+	function with_trailing_slash(string $str) : string {
+		if (substr($str, -1) === "/") {
+			return $str;
+		} else {
+			return "$str/";
+		}
+	}
+
 	function make_password($length = 12) {
 		$password = "";
 		$possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ*%+^";
diff --git a/include/login_form.php b/include/login_form.php
index 91850b768..be6734d07 100755
--- a/include/login_form.php
+++ b/include/login_form.php
@@ -85,7 +85,7 @@
 
 </script>
 
-<?php $return = urlencode(Config::make_self_url()) ?>
+<?php $return = urlencode($_REQUEST['return'] ? $_REQUEST['return'] : with_trailing_slash(Config::make_self_url())) ?>
 
 <div class="container">
 
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php
index bc0527e7f..9155f8165 100644
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@@ -100,7 +100,7 @@ class Auth_Internal extends Auth_Base {
 							<body class="flat ttrss_utility otp css_loading">
 								<h1><?= __("Authentication") ?></h1>
 								<div class="content">
-									<form dojoType="dijit.form.Form" action="public.php?return=<?= $return ?>" method="post" class="otpform">
+									<form dojoType="dijit.form.Form" action="public.php?return=<?= urlencode(with_trailing_slash($return)) ?>" method="post" class="otpform">
 
 										<?php foreach (["login", "password", "bw_limit", "safe_mode", "remember_me", "profile"] as $key) {
 											print \Controls\hidden_tag($key, $_POST[$key] ?? "");
diff --git a/plugins/bookmarklets/init.php b/plugins/bookmarklets/init.php
index ab88d48e7..4bd527623 100644
--- a/plugins/bookmarklets/init.php
+++ b/plugins/bookmarklets/init.php
@@ -167,7 +167,7 @@ class Bookmarklets extends Plugin {
 		</html>
 			<?php
 		} else {
-			Handler_Public::_render_login_form();
+			Handler_Public::_render_login_form($this->host->get_public_method_url($this, "subscribe"));
 		}
 	}
 
@@ -289,10 +289,12 @@ class Bookmarklets extends Plugin {
 				}
 
 			} else {
-				print_error("Not logged in");
+				$return_to = $this->host->get_public_method_url($this, "sharepopup");
 			?>
 
-			<form action="public.php?return=<?= urlencode(Config::make_self_url()) ?>" method="post">
+			<?= format_error("Not logged in") ?>
+
+			<form action="public.php?return=<?= urlencode($return_to) ?>" method="post">
 
 				<input type="hidden" name="op" value="login">
 
-- 
GitLab