Jump to content

URL redirect removing "do=" action?


sirspider
 Share

Go to solution Solved by bfarber,

Recommended Posts

Hello, I'm trying to create an "Edit in ACP" button on the user profile headers.

This is the template code I have so far:

             {{if \IPS\Member::loggedIn()->isAdmin() }}
              <li>
                <a href='{url="app=core&module=members&controller=members&do=view&id={$member->member_id}" base="admin"}' class='ipsButton ipsButton_overlaid'>
                  <i class='fa fa-pencil'></i> <span class='ipsResponsive_hidePhone ipsResponsive_inline'>  Edit in ACP</span>
                </a>
              </li>
              {{endif}}

 

However after following the link and being redirected to the admincp login page, the redirect removes the `do=view` part of the URL. It becomes:

&app=core&module=members&controller=members&id=1

 

How can I go about ensuring that `do=view` remains?

 

Link to comment
Share on other sites

  • Solution

When logging in to the AdminCP, do parameters will be stripped from the URL. This is intended to help protected administrators from making unintended changes on their site by following a link (or being redirected) from a malicious source.

We may be able to revisit this behavior in a future release now that stronger CSRF protections are in place. In the mean time, your only option would be to use a custom controller and put your actions in the manage method.

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...