[Rt-commit] rt branch, 4.2/goto-user-back-button, created. rt-4.1.8-514-g5c405bd

Alex Vandiver alexmv at bestpractical.com
Wed May 29 18:06:55 EDT 2013 

The branch, 4.2/goto-user-back-button has been created
        at  5c405bdafe5c7c56bc034c2e182227626e5e6a22 (commit)

- Log -----------------------------------------------------------------
commit 5c405bdafe5c7c56bc034c2e182227626e5e6a22
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Wed May 29 18:02:25 2013 -0400

    Don't store information in hidden elements where it can become stale
    
    Storing the username in a hidden form element to submit, and then doing
    the redirect server-side, opens the possibility that the hidden element
    can become stale -- namely, when the browser's back button is involved.
    If a user was selected from the autocomplete, then the browser backed up
    to that page, the browser would helpfully remember the value in the
    hidden form element.  This would result in any search (but not
    autocomplete) bringing the user to the previously autocompleted user.
    
    Instead, perform the redirect client-side, which saves processing a
    custom hidden form.  The UserSearch element cannot be simply filled with
    the chosen autocomplete value's username because this might result in a
    search with more than one result -- leading to a list of matches, and
    not the selected user.  Jumping directly to the target page avoids this
    problem.

diff --git a/share/html/Elements/GotoUser b/share/html/Elements/GotoUser
index 94cf526..74dc5f4 100644
--- a/share/html/Elements/GotoUser
+++ b/share/html/Elements/GotoUser
@@ -47,16 +47,14 @@
 %# END BPS TAGGED BLOCK }}}
 <form name="UserSearch" method="post" action="<% RT->Config->Get('WebPath') %>/User/Search.html">
 <input type="text" name="UserString" value="<% $Default %>" id="autocomplete-UserString" />
-<input type="hidden" name="UserName" value="">
 <script type="text/javascript">
 jQuery(function(){
     jQuery("#autocomplete-UserString").autocomplete({
         source: RT.Config.WebPath + "/Helpers/Autocomplete/Users?return=Name",
-        // Auto-submit once a user is chosen
+        // Jump directly to the page if a user is chosen
         select: function( event, ui ) {
-            var form = jQuery(event.target).closest('form');
-            form.find('input[name=UserName]').val(ui.item.value);
-            form.submit();
+            document.location = RT.Config.WebPath + "/User/Summary.html?id="
+                + encodeURIComponent(ui.item.value);
         }
     });
 });
diff --git a/share/html/User/Search.html b/share/html/User/Search.html
index 75b3aed..02befc5 100644
--- a/share/html/User/Search.html
+++ b/share/html/User/Search.html
@@ -75,16 +75,6 @@
 
 <%INIT>
 
-if ($UserName) {
-    my $user = RT::User->new( $session{'CurrentUser'} );
-    my ($status, $msg) = $user->Load($UserName);
-    if ($status) {
-        RT::Interface::Web::Redirect(RT->Config->Get('WebURL')."User/Summary.html?id=".$user->Id);
-    } else {
-        RT->Logger->error("Unable to load $UserName: $msg");
-    }
-}
-
 my $exclude = [RT->Nobody->Id, RT->System->Id];
 my $users = RT::Users->new($session{'CurrentUser'});
 $users->SimpleSearch( Return    => 'Name',
@@ -105,5 +95,4 @@ my $search_fields = join ", ", map loc($_), keys %{RT->Config->Get('UserSearchFi
 </%INIT>
 <%ARGS>
 $UserString => undef
-$UserName   => undef
 </%ARGS>

-----------------------------------------------------------------------

More information about the Rt-commit mailing list