Merge pull request #18680 from craftcms/feature/explicit-redirects

Explicitly set `returnUrl` params on element edit pages

Author: brandonkelly

CHANGELOG-WIP.md

@@ -3,7 +3,8 @@
 ### Content Management
 - Collapsed Matrix blocks now show their entries’ UI labels as preview text, whenever possible. ([#18484](https://github.com/craftcms/cms/discussions/18484))
 - Element-level actions within nested element management fields (Matrix, Addresses, etc.) now consistently affect all selected elements, when performed on a selected element. ([#18561](https://github.com/craftcms/cms/pull/18561))
-- Elements within Matrix and Addresses fields now have “Paste above” actions when a compatible element is copied. ([#17406](https://github.com/craftcms/cms/discussions/17406)) 
+- Elements within Matrix and Addresses fields now have “Paste above” actions when a compatible element is copied. ([#17406](https://github.com/craftcms/cms/discussions/17406))
+- Elements now keep track of the index page’s URL their edit page was linked to from, and explicitly redirect back to that page after save, rather than always redirecting to the referrer. ([#18680](https://github.com/craftcms/cms/pull/18680))
 - Addresses fields now have a “Copy all addresses” field-level action. ([#18561](https://github.com/craftcms/cms/pull/18561))
 - Matrix fields’ “Expand”, “Collapse”, and “Copy” field-level actions now always affect all nested entries, regardless of whether any entries are selected. ([#18561](https://github.com/craftcms/cms/pull/18561))
 - Matrix fields no longer have “Duplicate” and “Delete” field-level actions. ([#18561](https://github.com/craftcms/cms/pull/18561))

src/base/Element.php

@@ -80,6 +80,7 @@
 use craft\helpers\Db;
 use craft\helpers\ElementHelper;
 use craft\helpers\Html;
+use craft\helpers\Json;
 use craft\helpers\StringHelper;
 use craft\helpers\Template;
 use craft\helpers\UrlHelper;
@@ -1285,6 +1286,7 @@ public static function indexHtml(
             'nestedInputNamespace' => $viewState['nestedInputNamespace'] ?? null,
             'tableName' => static::pluralDisplayName(),
             'elementQuery' => self::elementQueryWithAllDescendants($elementQuery),
+            'returnUrl' => $viewState['returnUrl'] ?? null,
         ];
 
         $db = Craft::$app->getDb();
@@ -3940,12 +3942,20 @@ public function getAltActions(): array
         $elementsService = Craft::$app->getElements();
         $canSaveCanonical = $elementsService->canSaveCanonical($this);
 
+        $returnUrl = Craft::$app->getRequest()->getQueryParam('returnUrl');
+        $redirectParams = array_filter([
+            'returnUrl' => $returnUrl,
+        ]);
+
         $altActions = [
             [
                 'label' => $isUnpublishedDraft && $canSaveCanonical
                     ? Craft::t('app', 'Create and continue editing')
                     : Craft::t('app', 'Save and continue editing'),
                 'redirect' => '{cpEditUrl}',
+                'params' => array_filter([
+                    'redirectParams' => !empty($redirectParams) ? Json::encode($redirectParams) : null,
+                ]),
                 'shortcut' => true,
                 'retainScroll' => true,
                 'eventData' => ['autosave' => false],
@@ -3962,7 +3972,10 @@ public function getAltActions(): array
                     'shortcut' => true,
                     'shift' => true,
                     'eventData' => ['autosave' => false],
-                    'params' => ['addAnother' => 1],
+                    'params' => [
+                        'addAnother' => 1,
+                        'returnUrl' => $returnUrl,
+                    ],
                 ];
             }
 
@@ -3987,6 +4000,7 @@ public function getAltActions(): array
                     'params' => [
                         'asUnpublishedDraft' => true,
                         'deleteProvisionalDraft' => true,
+                        'redirectParams' => !empty($redirectParams) ? Json::encode($redirectParams) : null,
                     ],
                 ];
             }

src/controllers/ElementIndexesController.php

@@ -884,6 +884,7 @@ protected function elementResponseData(bool $includeContainer, bool $includeActi
                 [
                     ...$this->viewState,
                     'fieldLayouts' => $this->fieldLayouts,
+                    'returnUrl' => $this->request->getParam('returnUrl'),
                 ],
                 $this->sourceKey,
                 $this->context,

src/controllers/ElementsController.php

@@ -364,7 +364,19 @@ public function actionEdit(?ElementInterface $element, ?int $elementId = null):
         [$docTitle, $title] = $this->_editElementTitles($element);
         $enabledForSite = $element->getEnabledForSite();
         $hasRoute = $element->getRoute() !== null;
-        $redirectUrl = $this->request->getValidatedQueryParam('returnUrl') ?? UrlHelper::cpReferralUrl() ?? ElementHelper::postEditUrl($element);
+
+        $redirectUrl = $this->request->getQueryParam('returnUrl');
+        if ($redirectUrl) {
+            // only require the URL to be hashed if it contains Twig code
+            $validated = Craft::$app->getSecurity()->validateData($redirectUrl);
+            if ($validated !== false) {
+                $redirectUrl = $validated;
+            } elseif (str_contains($redirectUrl, '{')) {
+                throw new BadRequestHttpException("Invalid returnUrl param: $redirectUrl");
+            }
+        } else {
+            $redirectUrl = ElementHelper::postEditUrl($element);
+        }
 
         // Site statuses
         if ($canEditMultipleSites) {
@@ -1040,9 +1052,16 @@ private function _additionalButtons(
 
         // Revert content from this revision
         if ($isRevision && $canSaveCanonical && $element->hasRevisions()) {
+            $returnUrl = $this->request->getQueryParam('returnUrl');
             $components[] = Html::beginForm() .
                 Html::actionInput('elements/revert') .
                 Html::redirectInput('{cpEditUrl}') .
+                ($returnUrl
+                    ? Html::hiddenInput('redirectParams', Json::encode([
+                        'returnUrl' => $returnUrl,
+                    ]))
+                    : ''
+                ) .
                 Html::hiddenInput('elementId', (string)$canonical->id) .
                 Html::hiddenInput('revisionId', (string)$element->revisionId) .
                 Html::button(Craft::t('app', 'Revert content from this revision'), [
@@ -3012,6 +3031,11 @@ private function _asSuccess(
                 ]);
             }
 
+            $returnUrl = $this->request->getParam('returnUrl');
+            if ($returnUrl) {
+                $url = UrlHelper::urlWithParams($url, ['returnUrl' => $returnUrl]);
+            }
+
             $response->redirect($url);
         }
 

src/controllers/EntryTypesController.php

@@ -20,7 +20,6 @@
 use craft\helpers\Cp;
 use craft\helpers\Html;
 use craft\helpers\StringHelper;
-use craft\helpers\UrlHelper;
 use craft\models\EntryType;
 use craft\models\Section;
 use craft\web\Controller;
@@ -125,7 +124,7 @@ public function actionEdit(?int $entryTypeId = null, ?EntryType $entryType = nul
         if (!$this->readOnly) {
             $response
                 ->action('entry-types/save')
-                ->redirectUrl(UrlHelper::cpReferralUrl() ?? 'settings/entry-types')
+                ->redirectUrl('settings/entry-types')
                 ->addAltAction(Craft::t('app', 'Save and continue editing'), [
                     'redirect' => 'settings/entry-types/{id}',
                     'shortcut' => true,

src/controllers/FieldsController.php

@@ -205,7 +205,7 @@ public function actionEditField(?int $fieldId = null, ?FieldInterface $field = n
         if (!$this->readOnly) {
             $response
                 ->action('fields/save-field')
-                ->redirectUrl(UrlHelper::cpReferralUrl() ?? 'settings/fields')
+                ->redirectUrl('settings/fields')
                 ->addAltAction(Craft::t('app', 'Save and continue editing'), [
                     'redirect' => 'settings/fields/edit/{id}',
                     'shortcut' => true,

src/helpers/Cp.php

@@ -526,6 +526,7 @@ public static function chipHtml(Chippable $component, array $config = []): strin
      * - `class` – Class name(s) that should be added to the container element
      * - `context` – The context the chip is going to be shown in (`index`, `field`, etc.)
      * - `hyperlink` – Whether the chip label should be hyperlinked to the element’s URL
+     * - `returnUrl` – The `returnUrl` param that should be added to the hyperlink URL
      * - `id` – The chip’s `id` attribute
      * - `inputName` – The `name` attribute that should be set on a hidden input, if set
      * - `inputValue` – The `value` attribute that should be set on the hidden input, if `inputName` is set. Defaults to [[\craft\base\Identifiable::getId()`]].
@@ -555,6 +556,7 @@ public static function elementChipHtml(ElementInterface $element, array $config
             'attributes' => [],
             'autoReload' => true,
             'context' => 'index',
+            'returnUrl' => null,
             'id' => sprintf('chip-%s', mt_rand()),
             'inputName' => null,
             'selectable' => false,
@@ -574,6 +576,7 @@ public static function elementChipHtml(ElementInterface $element, array $config
                 'data' => array_filter([
                     'settings' => $config['autoReload'] ? [
                         'context' => $config['context'],
+                        'returnUrl' => $config['returnUrl'],
                         'showDraftName' => $config['showDraftName'],
                         'showProvisionalDraftLabel' => $config['showProvisionalDraftLabel'],
                     ] : false,
@@ -629,6 +632,7 @@ public static function elementChipHtml(ElementInterface $element, array $config
      * - `autoReload` – Whether the card should auto-reload itself when it’s saved
      * - `context` – The context the card is going to be shown in (`index`, `field`, etc.)
      * - `hyperlink` – Whether the card label should be hyperlinked to the element’s URL
+     * - `returnUrl` – The `returnUrl` param that should be added to the hyperlink URL
      * - `id` – The card’s `id` attribute
      * - `inputName` – The `name` attribute that should be set on the hidden input, if `context` is set to `field`
      * - `selectable` – Whether the card should include a checkbox input
@@ -648,6 +652,7 @@ public static function elementCardHtml(ElementInterface $element, array $config
             'autoReload' => true,
             'context' => 'index',
             'hyperlink' => false,
+            'returnUrl' => null,
             'id' => sprintf('card-%s', mt_rand()),
             'inputName' => null,
             'selectable' => false,
@@ -728,6 +733,7 @@ public static function elementCardHtml(ElementInterface $element, array $config
                 'data' => array_filter([
                     'settings' => $config['autoReload'] ? [
                         'hyperlink' => $config['hyperlink'],
+                        'returnUrl' => $config['returnUrl'],
                         'selectable' => $config['selectable'],
                         'context' => $config['context'],
                         'id' => Craft::$app->getView()->namespaceInputId($config['id']),
@@ -1154,6 +1160,16 @@ private static function elementLabelHtml(ElementInterface $element, array $confi
                 $config['context'] !== 'modal' &&
                 ($url = $attributes['data']['cp-url'] ?? null)
             ) {
+                $returnUrl = $config['returnUrl'] ?? null;
+                if ($returnUrl) {
+                    if (str_contains($returnUrl, '{')) {
+                        $returnUrl = Craft::$app->getSecurity()->hashData($returnUrl);
+                    }
+                    $url = UrlHelper::urlWithParams($url, [
+                        'returnUrl' => $returnUrl,
+                    ]);
+                }
+
                 $content = Html::tag('a', Html::tag('span', $content), [
                     'class' => ['label-link'],
                     'href' => $url,

src/helpers/UrlHelper.php

@@ -579,6 +579,7 @@ public static function cpHost(): string
      *
      * @return string|null
      * @since 5.9.0
+     * @deprecated in 5.10.0
      */
     public static function cpReferralUrl(): ?string
     {

src/templates/_elements/cardsview/elements.twig

@@ -1,5 +1,6 @@
 {% set context = context ?? 'index' %}
 {% set hyperlink = hyperlink ?? (context in ['index', 'embedded-index']) %}
+{% set returnUrl = returnUrl ?? null %}
 
 {% apply spaceless %}
   {% for element in elements %}
@@ -14,6 +15,7 @@
         selectable,
         sortable,
         hyperlink,
+        returnUrl,
       }) }}
     {% endtag %}
   {% endfor %}

src/templates/_elements/tableview/elements.twig

@@ -8,6 +8,7 @@
 {% set showHeaderColumn = showHeaderColumn ?? false %}
 {% set context = context ?? 'index' %}
 {% set hyperlink = hyperlink ?? (context in ['index', 'embedded-index']) %}
+{% set returnUrl = returnUrl ?? null %}
 
 {% for element in elements %}
     {% set totalDescendants = structure
@@ -90,6 +91,7 @@
                                 class: ['chromeless'],
                             },
                             hyperlink,
+                            returnUrl,
                         }) %}
                         {% if not showHeaderColumn %}
                             {% set chip = chip|attr({class: 'hide-label'}) %}