Files @ b537babcf966
Branch filter:

Location: kallithea/docs/theme/nature/static/kallithea-logo.svg

b537babcf966 4.4 KiB image/svg+xml Show Annotation Show as Raw Download as Raw
Søren Løvborg
login: include query parameters in came_from

The login controller uses the came_from query argument to determine
the page to continue to after login.

Previously, came_from specified only the URL path (obtained using
h.url.current), and any URL query parameters were passed along as
separate (additional) URL query parameters; to obtain the final redirect
target, h.url was used to combine came_from with the request.GET.

As of this changeset, came_from specifies both the URL path and query
string (obtained using request.path_qs), which means that came_from can
be used directly as the redirect target (as always, WebOb handles the
task of expanding the server relative path to a fully qualified URL).
The mangling of request.GET can also be removed.

The login code appended arbitrary, user-supplied query parameters to
URLs by calling the Routes URLGenerator (h.url) with user-supplied
keyword arguments. This construct is unfortunate, since url only
appends _unknown_ keyword arguments as query parameters, and the
parameter names could overlap with known keyword arguments, possibly
affecting the generated URL in various ways. This changeset removes
this usage from the login code, but other instances remain.

(In practice, the damage is apparently limited to causing an Internal
Server Error when going to e.g. "/_admin/login?host=foo", since WebOb
returns Unicode strings and URLGenerator only allows byte strings for
these keyword arguments.)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" enable-background="new 0 0 163 30" xml:space="preserve" height="30" viewBox="0 0 140 30" width="140" version="1.1" y="0px" x="0px">
  <metadata>
    <rdf:RDF>
      <cc:Work rdf:about="">
        <dc:format>image/svg+xml</dc:format>
        <dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/>
        <dc:title/>
      </cc:Work>
    </rdf:RDF>
  </metadata>
  <g display="none">
    <rect display="inline" height="163" width="256" y="-66.5" x="-24" fill="#404c2c"/>
  </g>
  <g transform="matrix(.83 0 0 1 5.6391 0)">
      <g fill="#b1d579">
        <path d="m26.04 25.875v-20.64l5.451-0.473v21.113h-5.451zm17.215 0h-6.141l-5.451-8.066 5.589-6.704h5.555l-5.555 6.481 6.003 8.289z"/>
        <path d="m58.951 21.592c0 1.141 0.379 1.557 1.242 1.809l-1.138 2.865c-2.174-0.141-3.588-0.668-4.416-2.143-1.311 1.641-3.347 2.225-5.52 2.225-3.657 0-5.969-1.918-5.969-4.617 0-3.227 3.036-4.979 8.59-4.979h1.863v-0.641c0-1.751-0.862-2.28-3.105-2.28-1.173 0-2.967 0.278-4.795 0.779l-1.242-2.893c2.312-0.695 4.83-1.085 6.9-1.085 5.313 0 7.59 1.808 7.59 5.229v5.731zm-5.347 0.194v-2.614h-1.346c-2.484 0-3.691 0.695-3.691 2.169 0 1.169 0.793 1.864 2.139 1.864 1.276 0 2.242-0.529 2.898-1.419z"/>
        <path d="m68.057 21.73c0 0.834 0.345 1.141 0.932 1.141 0.276 0 0.655-0.057 0.897-0.139l1.069 3.115c-0.931 0.305-2.242 0.5-3.519 0.5-3.036 0-4.83-1.447-4.83-4.173v-16.939l5.451-0.473v16.968z"/>
        <path d="m77.785 21.73c0 0.834 0.345 1.141 0.932 1.141 0.276 0 0.655-0.057 0.897-0.139l1.069 3.115c-0.931 0.305-2.242 0.5-3.519 0.5-3.036 0-4.83-1.447-4.83-4.173v-16.939l5.451-0.473v16.968z"/>
        <path d="m88.169 5.819c0 1.418-1.346 2.503-3.243 2.503-1.896 0-3.208-1.085-3.208-2.503 0-1.419 1.312-2.504 3.208-2.504 1.897 0 3.243 1.085 3.243 2.504zm-5.935 20.056v-14.771h5.451v14.771h-5.451z"/>
        <path d="m102.93 25.18c-1.379 0.779-3.312 1.168-4.968 1.168-4.036-0.027-6.003-1.863-6.003-5.341v-6.843h-2.588v-3.06h2.588v-3.199l5.451-0.5v3.7h4.209l-0.587 3.06h-3.622v6.787c0 1.419 0.586 1.92 1.725 1.92 0.621 0 1.242-0.14 1.967-0.501l1.828 2.809z"/>
        <path d="m120.04 15.082v10.793h-5.45v-10.042c0-1.558-0.691-1.975-1.726-1.975-1.208 0-2.208 0.695-3.175 1.892v10.125h-5.45v-20.64l5.45-0.445v7.9c1.483-1.363 3.141-2.059 5.279-2.059 3.174 0 5.072 1.641 5.072 4.451z"/>
        <path d="m139.5 19.783h-11.35c0.379 2.643 1.932 3.365 4.174 3.365 1.484 0 2.795-0.416 4.382-1.308l2.243 2.447c-1.829 1.168-4.176 2.06-7.143 2.06-6.105 0-9.211-3.172-9.211-7.789 0-4.422 3.002-7.928 8.557-7.928 5.242 0 8.451 2.782 8.451 7.566 0.001 0.474-0.033 1.142-0.102 1.587zm-5.244-2.838c-0.034-2.002-0.794-3.394-2.968-3.394-1.793 0-2.896 0.946-3.139 3.589h6.105l0.002-0.195z"/>
        <path d="m156.78 21.592c0 1.141 0.379 1.557 1.242 1.809l-1.139 2.865c-2.175-0.141-3.589-0.668-4.416-2.143-1.312 1.641-3.348 2.225-5.521 2.225-3.658 0-5.97-1.918-5.97-4.617 0-3.227 3.035-4.979 8.59-4.979h1.863v-0.641c0-1.751-0.861-2.28-3.104-2.28-1.172 0-2.968 0.278-4.795 0.779l-1.242-2.893c2.312-0.695 4.83-1.085 6.899-1.085 5.312 0 7.591 1.808 7.591 5.229l0.002 5.731zm-5.347 0.194v-2.614h-1.346c-2.484 0-3.691 0.695-3.691 2.169 0 1.169 0.793 1.864 2.14 1.864 1.275 0 2.24-0.529 2.897-1.419z"/>
      </g>
  </g>
  <g fill="#b1d579">
      <path d="m8.155 18.736c-0.086-0.21-0.048-0.579-0.048-0.579l-0.097-8.098h-1.149l0.098 8.398s-0.034 0.455 0.091 0.709c0.125 0.255 0.413 0.599 0.413 0.599l3.491 3.384s0.107 0.122 0.292 0.486l0.001-1.876-2.884-2.702c0 0.002-0.122-0.11-0.208-0.321z"/>
      <path d="m19.362 23.255c0.088-0.331 0.089-0.608 0.089-0.608l-0.01-2.976h-1.237v3.082s-0.007 0.113-0.069 0.254c-0.063 0.142-0.091 0.173-0.091 0.173l-2.319 2.395h1.569l1.768-1.832c0.001-0.001 0.217-0.17 0.3-0.488z"/>
      <path d="m12.905 15.81c0.18-0.288 0.437-0.463 0.437-0.463l2.998-3.073s0.511-0.461 0.622-0.782c0.108-0.321 0.045-1.436 0.045-1.436l-0.111-6.44h-1.491l0.077 6.441s0.062 0.514 0 0.726-0.294 0.481-0.294 0.481l-3.137 3.212s-0.638 0.705-0.743 0.934c-0.104 0.228-0.057 1.347-0.057 1.347l-0.003 5.005-0.001 1.876-0.002 1.938h1.479l0.051-8.819c-0.002-0.001-0.048-0.66 0.13-0.947z"/>
  </g>
  <g stroke="#b1d579" fill="none" stroke-miterlimit="10">
      <circle cx="18.723" cy="17.973" r="1.698" stroke-width="1.4318"/>
      <circle cx="7.454" cy="7.291" r="2.769" stroke-width="1.7898"/>
  </g>
</svg>
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.