FarCry 7.2.9: issue with public login form


I try to create a public login page for my site. Following modius’s tutorial, I was kind of able to set-up the entire process. However, the last step, the redirection itself, does not work.

The call to check for a successful login

stResult = application.security.processLogin(loginReturnURl=application.url.conjurer)

returns the result structure, tells me that I’m authenticated, but the stResult.loginReturnURl parameter is always an empty string which seems to cause the <cflocation> call to … well, do nothing.

For the sake of completeness, here is the core of the DisplayBodyView webskin method:

<cfimport taglib="/farcry/core/tags/formtools/" prefix="ft" />

<!--- process the login information ---> 
<cfset stResult = application.security.processLogin(loginReturnURl=application.url.conjurer) />
<!--- redirect in case we have a successful login --->
<cfif stResult.authenticated>
    <cflocation url="#URLDecode(stResult.loginReturnURL)#" addToken="false" />
<!--- display the login form --->
<ft:form formTheme="">
	<cfif IsDefined("stResult.message") AND Len(stResult.message)>
		<cfoutput><div class="alert alert-warning">#stResult.message#</div></cfoutput>

    <ft:object typename="farLogin" lFields="username,password" prefix="login" legend="" focusField="username" />
    <ft:button value="Login" />

When I looked at the actual HTML code the FarCry formtool components create, I realized that somewhere in the form creation process, the action URl got screwed up:

<form action=​"/​index.cfm?​type=login&​view=displayPageStandard&​amp;​returnUrl=%2Findex.cfm%3F&​error=restricted" method=​"post" id=​"farcryForm734361443" name=​"farcryForm734361443" enctype=​"multipart/​form-data" class style novalidate=​"novalidate">​

Notice the &amp; entity as well as the return URL encoding in the action property? To me, it seems that the & entity will not be processed correctly after submitting the form, resulting a an empty loginReturnURl parameter.

I looked up the getLink() and fixURL() methods in the core CFCs but couldn’t find the place where the injection occurs.

What do I miss?

nj:display tag, which the index.cfm template uses, picks up the login url
and adds returnURL. Note that you can also set the login url using the
loginpath attribute if you want to test different urls without restarting
the app.


Well, that’s exactly my question (having provided the farLogin's displayBodyView webskin method: Which tag creates the form action URl?