Changeset - ad131f703996
Parent rev.
Child rev.
[Not reviewed]
stable
0 1 0
Mads Kiilerich - 10 years ago 2015-09-20 22:22:50
madski@unity3d.com
login: make it clear that an invalid came_from is an invalid request
1 file changed with 4 insertions and 1 deletions:
kallithea/controllers/login.py
4
1
0 comments (0 inline, 0 general)
kallithea/controllers/login.py
Show inline comments
 
@@ -76,7 +76,10 @@ class LoginController(BaseController):
 

			




	
	
	
		
 
    def index(self):

			




	
	
	
		
 
        c.came_from = safe_str(request.GET.pop('came_from', ''))

			




	
	
	
		
 
        if self._validate_came_from(c.came_from):

			




	
	
	
		
 
        if c.came_from:

			




	
	
	
		
 
            if not self._validate_came_from(c.came_from):

			




	
	
	
		
 
                log.error('Invalid came_from (not server-relative): %r', c.came_from)

			




	
	
	
		
 
                raise HTTPBadRequest()

			




	
	
	
		
 
            came_from = url(c.came_from, **request.GET)

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            c.came_from = came_from = url('home')

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.