Changeset - 8ee17ef21796
[Not reviewed]
stable
0 1 0
Søren Løvborg - 10 years ago 2015-09-18 13:57:49
sorenl@unity3d.com
login: use server-relative URLs in came_from correctly

Using h.url to combine came_from with query parameters caused the
SCRIPT_NAME to incorrectly be prepended to came_from, even though
it was already present. This was not a problem if the Kallithea
instance was served directly from the server root ('/') as is common,
but broke setups where Kallithea was served from a prefix.
1 file changed with 3 insertions and 4 deletions:
kallithea/controllers/login.py
 
@@ -67,16 +67,15 @@ class LoginController(BaseController):
 
            if not self._validate_came_from(c.came_from):
 
                log.error('Invalid came_from (not server-relative): %r', c.came_from)
 
                raise HTTPBadRequest()
 
            came_from = url(c.came_from)
 
        else:
 
            c.came_from = came_from = url('home')
 
            c.came_from = url('home')
 

	
 
        not_default = self.authuser.username != User.DEFAULT_USER
 
        ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr)
 

	
 
        # redirect if already logged in
 
        if self.authuser.is_authenticated and not_default and ip_allowed:
 
            raise HTTPFound(location=came_from)
 
            raise HTTPFound(location=c.came_from)
 

	
 
        if request.POST:
 
            # import Login Form validator class
 
@@ -106,7 +105,7 @@ class LoginController(BaseController):
 
            else:
 
                log_in_user(user, c.form_result['remember'],
 
                    is_external_auth=False)
 
                raise HTTPFound(location=came_from)
 
                raise HTTPFound(location=c.came_from)
 

	
 
        return render('/login.html')
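Review bot: Both `raise HTTPFound(location=c.came_from)` calls now put the request-supplied `came_from` into the Location header unchanged, so `_validate_came_from` is the only guard between this action and an open redirect. Its body is outside this section, as is the start of the enclosing action, so it should be confirmed that it rejects scheme-relative values beginning with `//`, backslash variants and embedded control characters, not only absolute URLs. I would record that dependency at the check itself, e.g. `# c.came_from is used verbatim as the redirect target below; this check is the only open-redirect guard`. A test that logs in with the application mounted under a prefix would pin the SCRIPT_NAME behaviour this commit fixes.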
 

	