Files
@ b537babcf966
Branch filter:
Location: kallithea/docs/index.rst - annotation
b537babcf966
1.2 KiB
text/prs.fallenstein.rst
login: include query parameters in came_from
The login controller uses the came_from query argument to determine
the page to continue to after login.
Previously, came_from specified only the URL path (obtained using
h.url.current), and any URL query parameters were passed along as
separate (additional) URL query parameters; to obtain the final redirect
target, h.url was used to combine came_from with the request.GET.
As of this changeset, came_from specifies both the URL path and query
string (obtained using request.path_qs), which means that came_from can
be used directly as the redirect target (as always, WebOb handles the
task of expanding the server relative path to a fully qualified URL).
The mangling of request.GET can also be removed.
The login code appended arbitrary, user-supplied query parameters to
URLs by calling the Routes URLGenerator (h.url) with user-supplied
keyword arguments. This construct is unfortunate, since url only
appends _unknown_ keyword arguments as query parameters, and the
parameter names could overlap with known keyword arguments, possibly
affecting the generated URL in various ways. This changeset removes
this usage from the login code, but other instances remain.
(In practice, the damage is apparently limited to causing an Internal
Server Error when going to e.g. "/_admin/login?host=foo", since WebOb
returns Unicode strings and URLGenerator only allows byte strings for
these keyword arguments.)
The login controller uses the came_from query argument to determine
the page to continue to after login.
Previously, came_from specified only the URL path (obtained using
h.url.current), and any URL query parameters were passed along as
separate (additional) URL query parameters; to obtain the final redirect
target, h.url was used to combine came_from with the request.GET.
As of this changeset, came_from specifies both the URL path and query
string (obtained using request.path_qs), which means that came_from can
be used directly as the redirect target (as always, WebOb handles the
task of expanding the server relative path to a fully qualified URL).
The mangling of request.GET can also be removed.
The login code appended arbitrary, user-supplied query parameters to
URLs by calling the Routes URLGenerator (h.url) with user-supplied
keyword arguments. This construct is unfortunate, since url only
appends _unknown_ keyword arguments as query parameters, and the
parameter names could overlap with known keyword arguments, possibly
affecting the generated URL in various ways. This changeset removes
this usage from the login code, but other instances remain.
(In practice, the damage is apparently limited to causing an Internal
Server Error when going to e.g. "/_admin/login?host=foo", since WebOb
returns Unicode strings and URLGenerator only allows byte strings for
these keyword arguments.)
5f481e4e888b 5f481e4e888b 22a3fa3c4254 beb4cbf30d00 22a3fa3c4254 22a3fa3c4254 03bbd33bc084 bdd1ddd05b7c 03bbd33bc084 03bbd33bc084 5f481e4e888b 03bbd33bc084 03bbd33bc084 03bbd33bc084 5f481e4e888b 5f481e4e888b 5f481e4e888b 5f481e4e888b 154becd92f40 5f481e4e888b 64b1a2320bcb d95ea48af67b e69d34136be5 3389f272ece1 57caeb60c52b 8b8edfc25856 bb35ad076e2f bb35ad076e2f bb35ad076e2f bb35ad076e2f bb35ad076e2f bbd499c7b55e 601282d36c06 aa17c7a1b8a5 bbd499c7b55e beb4cbf30d00 22a3fa3c4254 beb4cbf30d00 beb4cbf30d00 beb4cbf30d00 beb4cbf30d00 2079e864ce51 beb4cbf30d00 af371e206ec5 4d076981a7b1 aa90719e8520 4d076981a7b1 22a3fa3c4254 bb35ad076e2f bb35ad076e2f bb35ad076e2f 8b8edfc25856 bb35ad076e2f 42a87338035a 5f481e4e888b bb35ad076e2f bb35ad076e2f bb35ad076e2f 9da24750f563 bb35ad076e2f b43a121f3137 b43a121f3137 8b8edfc25856 bb35ad076e2f 5f481e4e888b a60cd29ba7e2 5f481e4e888b 5f481e4e888b 5f481e4e888b 5f481e4e888b fbbe80e3322b a60cd29ba7e2 5f481e4e888b 5f481e4e888b 5f481e4e888b 9472a0150bf0 5f481e4e888b a60cd29ba7e2 a60cd29ba7e2 a60cd29ba7e2 8b8edfc25856 | .. _index:
#######################
Kallithea Documentation
#######################
**Readme**
.. toctree::
:maxdepth: 1
readme
**Installation**
.. toctree::
:maxdepth: 1
overview
installation
installation_win
installation_win_old
installation_iis
setup
installation_puppet
**Usage**
.. toctree::
:maxdepth: 1
usage/general
usage/vcs_support
usage/locking
usage/statistics
**Administrator's guide**
.. toctree::
:maxdepth: 1
usage/email
usage/performance
usage/backup
usage/debugging
usage/troubleshooting
**Development**
.. toctree::
:maxdepth: 1
contributing
changelog
**API**
.. toctree::
:maxdepth: 1
api/api
api/models
Other topics
------------
* :ref:`genindex`
* :ref:`search`
.. _virtualenv: http://pypi.python.org/pypi/virtualenv
.. _python: http://www.python.org/
.. _django: http://www.djangoproject.com/
.. _mercurial: http://mercurial.selenic.com/
.. _bitbucket: http://bitbucket.org/
.. _subversion: http://subversion.tigris.org/
.. _git: http://git-scm.com/
.. _celery: http://celeryproject.org/
.. _Sphinx: http://sphinx.pocoo.org/
.. _vcs: http://pypi.python.org/pypi/vcs
|