diff --git a/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs b/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs index f8a16d634..13a69af8d 100644 --- a/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs +++ b/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs @@ -15,6 +15,7 @@ using Orchard.Data; using Orchard.DisplayManagement; using Orchard.Localization; using Orchard.Logging; +using Orchard.Mvc.Extensions; using Orchard.UI.Navigation; using Orchard.UI.Notify; using Orchard.Settings; @@ -173,10 +174,7 @@ namespace Orchard.Core.Contents.Controllers { } } - if (!String.IsNullOrEmpty(returnUrl)) - return Redirect(returnUrl); - - return RedirectToAction("List"); + return this.RedirectLocal(returnUrl, () => RedirectToAction("List")); } ActionResult CreatableTypeList() { @@ -300,10 +298,7 @@ namespace Orchard.Core.Contents.Controllers { ? T("Your content has been saved.") : T("Your {0} has been saved.", contentItem.TypeDefinition.DisplayName)); - if (!String.IsNullOrEmpty(returnUrl)) - return Redirect(returnUrl); - - return RedirectToAction("Edit", new RouteValueDictionary { { "Id", contentItem.Id } }); + return this.RedirectLocal(returnUrl, () => RedirectToAction("Edit", new RouteValueDictionary { { "Id", contentItem.Id } })); } public ActionResult Remove(int id, string returnUrl) { @@ -319,10 +314,7 @@ namespace Orchard.Core.Contents.Controllers { : T("That {0} has been removed.", contentItem.TypeDefinition.DisplayName)); } - if (!String.IsNullOrEmpty(returnUrl)) - return Redirect(returnUrl); - - return RedirectToAction("List"); + return this.RedirectLocal(returnUrl, () => RedirectToAction("List")); } [HttpPost] @@ -338,10 +330,7 @@ namespace Orchard.Core.Contents.Controllers { Services.ContentManager.Flush(); Services.Notifier.Information(string.IsNullOrWhiteSpace(contentItem.TypeDefinition.DisplayName) ? T("That content has been published.") : T("That {0} has been published.", contentItem.TypeDefinition.DisplayName)); - if (!String.IsNullOrEmpty(returnUrl)) - return Redirect(returnUrl); - - return RedirectToAction("List"); + return this.RedirectLocal(returnUrl, () => RedirectToAction("List")); } [HttpPost] @@ -357,10 +346,7 @@ namespace Orchard.Core.Contents.Controllers { Services.ContentManager.Flush(); Services.Notifier.Information(string.IsNullOrWhiteSpace(contentItem.TypeDefinition.DisplayName) ? T("That content has been unpublished.") : T("That {0} has been unpublished.", contentItem.TypeDefinition.DisplayName)); - if (!String.IsNullOrEmpty(returnUrl)) - return Redirect(returnUrl); - - return RedirectToAction("List"); + return this.RedirectLocal(returnUrl, () => RedirectToAction("List")); } bool IUpdateModel.TryUpdateModel(TModel model, string prefix, string[] includeProperties, string[] excludeProperties) { diff --git a/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostAdminController.cs b/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostAdminController.cs index 47bfce9df..00082f0b5 100644 --- a/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostAdminController.cs +++ b/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostAdminController.cs @@ -9,6 +9,7 @@ using Orchard.ContentManagement.Aspects; using Orchard.Core.Contents.Settings; using Orchard.Localization; using Orchard.Mvc.AntiForgery; +using Orchard.Mvc.Extensions; using Orchard.Security; using Orchard.Security.Permissions; using Orchard.UI.Admin; @@ -153,10 +154,7 @@ namespace Orchard.Blogs.Controllers { Services.Notifier.Information(T("Your {0} has been saved.", blogPost.TypeDefinition.DisplayName)); - if (!String.IsNullOrEmpty(returnUrl)) - return Redirect(returnUrl); - - return Redirect(Url.BlogPostEdit(blogPost)); + return this.RedirectLocal(returnUrl, Url.BlogPostEdit(blogPost)); } [ValidateAntiForgeryTokenOrchard] diff --git a/src/Orchard.Web/Modules/Orchard.Comments/Controllers/AdminController.cs b/src/Orchard.Web/Modules/Orchard.Comments/Controllers/AdminController.cs index 69d543b72..d04e14b6a 100644 --- a/src/Orchard.Web/Modules/Orchard.Comments/Controllers/AdminController.cs +++ b/src/Orchard.Web/Modules/Orchard.Comments/Controllers/AdminController.cs @@ -8,6 +8,7 @@ using Orchard.ContentManagement; using Orchard.DisplayManagement; using Orchard.Localization; using Orchard.Logging; +using Orchard.Mvc.Extensions; using Orchard.UI.Navigation; using Orchard.UI.Notify; using Orchard.Comments.ViewModels; @@ -244,18 +245,11 @@ namespace Orchard.Comments.Controllers { if (!Services.Authorizer.Authorize(Permissions.ManageComments, T("Couldn't close comments"))) return new HttpUnauthorizedResult(); _commentService.CloseCommentsForCommentedContent(commentedItemId); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Index"); } catch (Exception exception) { Services.Notifier.Error(T("Closing Comments failed: " + exception.Message)); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Index"); } + return this.RedirectLocal(returnUrl, () => RedirectToAction("Index")); } [HttpPost] @@ -264,18 +258,11 @@ namespace Orchard.Comments.Controllers { if (!Services.Authorizer.Authorize(Permissions.ManageComments, T("Couldn't enable comments"))) return new HttpUnauthorizedResult(); _commentService.EnableCommentsForCommentedContent(commentedItemId); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Index"); } catch (Exception exception) { Services.Notifier.Error(T("Enabling Comments failed: " + exception.Message)); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Index"); } + return this.RedirectLocal(returnUrl, () => RedirectToAction("Index")); } public ActionResult Edit(int id) { @@ -324,17 +311,12 @@ namespace Orchard.Comments.Controllers { int commentedOn = _commentService.GetComment(id).Record.CommentedOn; _commentService.ApproveComment(id); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Details", new { id = commentedOn }); + return this.RedirectLocal(returnUrl, () => RedirectToAction("Details", new { id = commentedOn })); } catch (Exception exception) { Services.Notifier.Error(T("Approving comment failed: " + exception.Message)); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Index"); + + return this.RedirectLocal(returnUrl, () => RedirectToAction("Index")); } } @@ -347,17 +329,11 @@ namespace Orchard.Comments.Controllers { int commentedOn = _commentService.GetComment(id).Record.CommentedOn; _commentService.UnapproveComment(id); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Details", new { id = commentedOn }); + return this.RedirectLocal(returnUrl, () => RedirectToAction("Details", new { id = commentedOn })); } catch (Exception exception) { Services.Notifier.Error(T("Unapproving comment failed: " + exception.Message)); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Index"); + return this.RedirectLocal(returnUrl, () => RedirectToAction("Index")); } } @@ -370,17 +346,11 @@ namespace Orchard.Comments.Controllers { int commentedOn = _commentService.GetComment(id).Record.CommentedOn; _commentService.MarkCommentAsSpam(id); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Details", new { id = commentedOn }); + return this.RedirectLocal(returnUrl, () => RedirectToAction("Details", new { id = commentedOn })); } catch (Exception exception) { Services.Notifier.Error(T("Marking comment as spam failed: " + exception.Message)); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Index"); + return this.RedirectLocal(returnUrl, () => RedirectToAction("Index")); } } @@ -393,17 +363,11 @@ namespace Orchard.Comments.Controllers { int commentedOn = _commentService.GetComment(id).Record.CommentedOn; _commentService.DeleteComment(id); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Details", new { id = commentedOn }); + return this.RedirectLocal(returnUrl, () => RedirectToAction("Details", new { id = commentedOn })); } catch (Exception exception) { Services.Notifier.Error(T("Deleting comment failed: " + exception.Message)); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } - return RedirectToAction("Index"); + return this.RedirectLocal(returnUrl, () => RedirectToAction("Index")); } } diff --git a/src/Orchard.Web/Modules/Orchard.Comments/Controllers/CommentController.cs b/src/Orchard.Web/Modules/Orchard.Comments/Controllers/CommentController.cs index 401e8e1c0..8ce36e4b7 100644 --- a/src/Orchard.Web/Modules/Orchard.Comments/Controllers/CommentController.cs +++ b/src/Orchard.Web/Modules/Orchard.Comments/Controllers/CommentController.cs @@ -6,6 +6,7 @@ using Orchard.Comments.Services; using Orchard.Comments.ViewModels; using Orchard.ContentManagement; using Orchard.Localization; +using Orchard.Mvc.Extensions; using Orchard.UI.Notify; namespace Orchard.Comments.Controllers { @@ -26,9 +27,7 @@ namespace Orchard.Comments.Controllers { [HttpPost, ValidateInput(false)] public ActionResult Create(string returnUrl) { if (!Services.Authorizer.Authorize(Permissions.AddComment, T("Couldn't add comment"))) - return !String.IsNullOrEmpty(returnUrl) - ? Redirect(returnUrl) - : Redirect("~/"); + return this.RedirectLocal(returnUrl, "~/"); var viewModel = new CommentsCreateViewModel(); @@ -73,10 +72,7 @@ namespace Orchard.Comments.Controllers { TempData["CreateCommentContext.SiteName"] = context.SiteName; } - return !String.IsNullOrEmpty(returnUrl) - ? Redirect(returnUrl) - : Redirect("~/"); - + return this.RedirectLocal(returnUrl, "~/"); } } } \ No newline at end of file diff --git a/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/PackagingServicesController.cs b/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/PackagingServicesController.cs index 1686dcfb3..da55c9304 100644 --- a/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/PackagingServicesController.cs +++ b/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/PackagingServicesController.cs @@ -7,6 +7,7 @@ using NuGet; using Orchard.Environment.Extensions; using Orchard.FileSystems.AppData; using Orchard.Localization; +using Orchard.Mvc.Extensions; using Orchard.Packaging.Services; using Orchard.Security; using Orchard.Themes; @@ -101,7 +102,7 @@ namespace Orchard.Packaging.Controllers { } } - return Redirect(returnUrl); + return this.RedirectLocal(returnUrl, "~/"); } catch (Exception exception) { for (Exception scan = exception; scan != null; scan = scan.InnerException) { _notifier.Error(T("Uploading module package failed: {0}", exception.Message)); @@ -120,7 +121,7 @@ namespace Orchard.Packaging.Controllers { _notifier.Information(T("Uninstalled package \"{0}\"", id)); - return Redirect(returnUrl); + return this.RedirectLocal(returnUrl, "~/"); } catch (Exception exception) { for (Exception scan = exception; scan != null; scan = scan.InnerException) { _notifier.Error(T("Uninstall failed: {0}", exception.Message)); diff --git a/src/Orchard.Web/Modules/Orchard.Roles/Controllers/AdminController.cs b/src/Orchard.Web/Modules/Orchard.Roles/Controllers/AdminController.cs index f81140e6b..72b384f8b 100644 --- a/src/Orchard.Web/Modules/Orchard.Roles/Controllers/AdminController.cs +++ b/src/Orchard.Web/Modules/Orchard.Roles/Controllers/AdminController.cs @@ -4,6 +4,7 @@ using System.Linq; using System.Web.Mvc; using Orchard.Core.Contents.Controllers; using Orchard.Localization; +using Orchard.Mvc.Extensions; using Orchard.Roles.Models; using Orchard.Roles.Services; using Orchard.Roles.ViewModels; @@ -160,10 +161,7 @@ namespace Orchard.Roles.Controllers { Services.Notifier.Information(T("Role was successfully deleted.")); - if (!string.IsNullOrWhiteSpace(returnUrl)) - return Redirect(returnUrl); - - return RedirectToAction("Index"); + return this.RedirectLocal(returnUrl, () => RedirectToAction("Index")); } catch (Exception exception) { Services.Notifier.Error(T("Editing Role failed: {0}", exception.Message)); return RedirectToAction("Edit", id); diff --git a/src/Orchard.Web/Modules/Orchard.Tags/Controllers/AdminController.cs b/src/Orchard.Web/Modules/Orchard.Tags/Controllers/AdminController.cs index 8043121ce..7e4c2c7a7 100644 --- a/src/Orchard.Web/Modules/Orchard.Tags/Controllers/AdminController.cs +++ b/src/Orchard.Web/Modules/Orchard.Tags/Controllers/AdminController.cs @@ -5,6 +5,7 @@ using System.Reflection; using System.Web.Mvc; using Orchard.Localization; using Orchard.ContentManagement; +using Orchard.Mvc.Extensions; using Orchard.Tags.Models; using Orchard.Tags.ViewModels; using Orchard.Tags.Services; @@ -120,10 +121,7 @@ namespace Orchard.Tags.Controllers { _tagService.DeleteTag(id); - if (!string.IsNullOrWhiteSpace(returnUrl)) - return Redirect(returnUrl); - - return RedirectToAction("Index"); + return this.RedirectLocal(returnUrl, () => RedirectToAction("Index")); } private static TagEntry CreateTagEntry(TagRecord tagRecord) { diff --git a/src/Orchard.Web/Modules/Orchard.Themes/Controllers/AdminController.cs b/src/Orchard.Web/Modules/Orchard.Themes/Controllers/AdminController.cs index a9ca18d18..4e9545b43 100644 --- a/src/Orchard.Web/Modules/Orchard.Themes/Controllers/AdminController.cs +++ b/src/Orchard.Web/Modules/Orchard.Themes/Controllers/AdminController.cs @@ -8,6 +8,7 @@ using Orchard.Environment.Extensions; using Orchard.Environment.Extensions.Models; using Orchard.Environment.Features; using Orchard.Localization; +using Orchard.Mvc.Extensions; using Orchard.Reports.Services; using Orchard.Security; using Orchard.Themes.Preview; @@ -85,7 +86,7 @@ namespace Orchard.Themes.Controllers { if (!Services.Authorizer.Authorize(Permissions.ApplyTheme, T("Couldn't preview the current theme"))) return new HttpUnauthorizedResult(); _previewTheme.SetPreviewTheme(themeName); - return Redirect(returnUrl ?? "~/"); + return this.RedirectLocal(returnUrl, "~/"); } catch (Exception exception) { Services.Notifier.Error(T("Previewing theme failed: " + exception.Message)); diff --git a/src/Orchard.Web/Modules/Orchard.Users/Controllers/AccountController.cs b/src/Orchard.Web/Modules/Orchard.Users/Controllers/AccountController.cs index bc53029ca..b60f1850a 100644 --- a/src/Orchard.Web/Modules/Orchard.Users/Controllers/AccountController.cs +++ b/src/Orchard.Web/Modules/Orchard.Users/Controllers/AccountController.cs @@ -71,19 +71,13 @@ namespace Orchard.Users.Controllers { _authenticationService.SignIn(user, false); - if (string.IsNullOrEmpty(returnUrl)) - return new RedirectResult("~/"); - - return new RedirectResult(returnUrl); + return this.RedirectLocal(returnUrl); } public ActionResult LogOff(string returnUrl) { _authenticationService.SignOut(); - if (string.IsNullOrEmpty(returnUrl)) - return new RedirectResult("~/"); - - return new RedirectResult(returnUrl); + return this.RedirectLocal(returnUrl); } int MinPasswordLength { diff --git a/src/Orchard/Mvc/Extensions/ControllerExtensions.cs b/src/Orchard/Mvc/Extensions/ControllerExtensions.cs new file mode 100644 index 000000000..25c374bfc --- /dev/null +++ b/src/Orchard/Mvc/Extensions/ControllerExtensions.cs @@ -0,0 +1,24 @@ +using System; +using System.Web.Mvc; + +namespace Orchard.Mvc.Extensions { + public static class ControllerExtensions { + public static ActionResult RedirectLocal(this Controller controller, string redirectUrl, Func invalidUrlBehavior) { + if (!string.IsNullOrWhiteSpace(redirectUrl) && controller.Url.IsLocalUrl(redirectUrl)) { + return new RedirectResult(redirectUrl); + } + return invalidUrlBehavior != null ? invalidUrlBehavior() : null; + } + + public static ActionResult RedirectLocal(this Controller controller, string redirectUrl) { + return RedirectLocal(controller, redirectUrl, (string)null); + } + + public static ActionResult RedirectLocal(this Controller controller, string redirectUrl, string defaultUrl) { + if (!string.IsNullOrWhiteSpace(redirectUrl) && controller.Url.IsLocalUrl(redirectUrl)) { + return new RedirectResult(redirectUrl); + } + return new RedirectResult(defaultUrl ?? "~/"); + } + } +} diff --git a/src/Orchard/Orchard.Framework.csproj b/src/Orchard/Orchard.Framework.csproj index 512e10207..6a4fa9597 100644 --- a/src/Orchard/Orchard.Framework.csproj +++ b/src/Orchard/Orchard.Framework.csproj @@ -178,6 +178,7 @@ +