rattail/tailbone
2
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Fix login redirect if referrer is not internal to site.

Browse source
This commit is contained in:
Lance Edgar 2015-03-05 16:55:09 -06:00
parent d296b5bde5
commit a7ecf445db
2 changed files with 4 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tailbone/subscribers.py
View file

@ -117,11 +117,9 @@ def context_found(event):
if request.session.get('referrer'): if request.session.get('referrer'):
return request.session.pop('referrer') return request.session.pop('referrer')
referrer = request.referrer referrer = request.referrer
if not referrer or referrer == request.current_route_url(): if (not referrer or referrer == request.current_route_url()
if default: or not referrer.startswith(request.host_url)):
referrer = default referrer = default or request.route_url('home')
else:
referrer = request.route_url('home')
return referrer return referrer
request.get_referrer = get_referrer request.get_referrer = get_referrer

6
tailbone/views/auth.py
View file

@ -56,11 +56,7 @@ def forbidden(request):
# Store current URL in session, for smarter redirect after login. # Store current URL in session, for smarter redirect after login.
request.session['next_url'] = request.current_route_url() request.session['next_url'] = request.current_route_url()
request.session.flash(msg, allow_duplicate=False) request.session.flash(msg, allow_duplicate=False)
return HTTPFound(location=request.get_referrer())
url = request.referer
if not url or url == request.current_route_url():
url = request.route_url('home')
return HTTPFound(location=url)
class UserLogin(formencode.Schema): class UserLogin(formencode.Schema):