view CONTRIBUTORS @ 5511:b537babcf966 stable
login: include query parameters in came_from

The login controller uses the came_from query argument to determine
the page to continue to after login.

Previously, came_from specified only the URL path (obtained using
h.url.current), and any URL query parameters were passed along as
separate (additional) URL query parameters; to obtain the final redirect
target, h.url was used to combine came_from with the request.GET.

As of this changeset, came_from specifies both the URL path and query
string (obtained using request.path_qs), which means that came_from can
be used directly as the redirect target (as always, WebOb handles the
task of expanding the server relative path to a fully qualified URL).
The mangling of request.GET can also be removed.

The login code appended arbitrary, user-supplied query parameters to
URLs by calling the Routes URLGenerator (h.url) with user-supplied
keyword arguments. This construct is unfortunate, since url only
appends _unknown_ keyword arguments as query parameters, and the
parameter names could overlap with known keyword arguments, possibly
affecting the generated URL in various ways. This changeset removes
this usage from the login code, but other instances remain.

(In practice, the damage is apparently limited to causing an Internal
Server Error when going to e.g. "/_admin/login?host=foo", since WebOb
returns Unicode strings and URLGenerator only allows byte strings for
these keyword arguments.)

author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Fri, 18 Sep 2015 13:57:49 +0200 |
parents | 7918ed610324 |
children | 84bb160aac6d |
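
The before and after described in the commit message, as an added example that is not Kallithea's or Routes' code. `build_url` is a hypothetical stand-in for a URL generator that treats `host`, `protocol` and `anchor` as options; it omits the byte-string check that, per the message, turns the real case into an Internal Server Error, and the helper names and sample path are assumptions.

```python
from urllib.parse import parse_qsl, urlencode


def build_url(path, **kwargs):
    """Hypothetical stand-in for a URL generator (not Routes' code):
    host/protocol/anchor are options, any other kwarg becomes a query parameter."""
    host = kwargs.pop("host", None)
    protocol = kwargs.pop("protocol", "http")
    anchor = kwargs.pop("anchor", None)
    url = path
    if kwargs:
        url += "?" + urlencode(sorted(kwargs.items()))
    if anchor:
        url += "#" + anchor
    if host:
        url = "%s://%s%s" % (protocol, host, url)
    return url


def login_query_old(path, query):
    """Before: came_from is the path only; page parameters ride along separately."""
    return urlencode([("came_from", path)] + parse_qsl(query))


def redirect_old(login_query):
    """Before: recombine came_from with the remaining request parameters as kwargs."""
    params = dict(parse_qsl(login_query))
    came_from = params.pop("came_from", "/")
    return build_url(came_from, **params)


def login_query_new(path, query):
    """After: came_from carries path and query string together (like request.path_qs)."""
    return urlencode({"came_from": path + ("?" + query if query else "")})


def redirect_new(login_query):
    """After: came_from is the redirect target as-is; nothing is passed as kwargs."""
    return dict(parse_qsl(login_query)).get("came_from", "/")


# Constructed sample requests: an ordinary page, and one whose parameter is named "host".
PATH = "/repo/changelog"
for query in ("page=2", "page=2&host=foo"):
    print("old:", redirect_old(login_query_old(PATH, query)))
    print("new:", redirect_new(login_query_new(PATH, query)))
```

With the old flow, a request parameter named `host` is consumed as a generator option instead of being appended to the query string; with the new flow it stays an ordinary parameter inside came_from.
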
List of contributors to Kallithea project:

Mads Kiilerich <madski@unity3d.com> 2012-2015
Takumi IINO <trot.thunder@gmail.com> 2012-2015
Unity Technologies 2012-2015
Andrew Shadura <andrew@shadura.me> 2012 2014-2015
Aras Pranckevičius <aras@unity3d.com> 2012-2013 2015
Sean Farley <sean.michael.farley@gmail.com> 2013-2015
Christian Oyarzun <oyarzun@gmail.com> 2014-2015
Joseph Rivera <rivera.d.joseph@gmail.com> 2014-2015
Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> 2014-2015
Anatoly Bubenkov <bubenkoff@gmail.com> 2015
Andrew Bartlett <abartlet@catalyst.net.nz> 2015
Balázs Úr <urbalazs@gmail.com> 2015
Ben Finney <ben@benfinney.id.au> 2015
Branko Majic <branko@majic.rs> 2015
Daniel Hobley <danielh@unity3d.com> 2015
David Avigni <david.avigni@ankapi.com> 2015
Denis Blanchette <dblanchette@coveo.com> 2015
duanhongyi <duanhongyi@doopai.com> 2015
EriCSN Chang <ericsning@gmail.com> 2015
Étienne Gilli <etienne.gilli@gmail.com> 2015
Grzegorz Krason <grzegorz.krason@gmail.com> 2015
Jan Heylen <heyleke@gmail.com> 2015
Kazunari Kobayashi <kobanari@nifty.com> 2015
Kevin Bullock <kbullock@ringworld.org> 2015
kobanari <kobanari@nifty.com> 2015
Marc Abramowitz <marc@marc-abramowitz.com> 2015
Marc Villetard <marc.villetard@gmail.com> 2015
Matthias Zilk <matthias.zilk@gmail.com> 2015
Michael Pohl <michael@mipapo.de> 2015
Michael V. DePalatis <mike@depalatis.net> 2015
Morten Skaaning <mortens@unity3d.com> 2015
Nick High <nick@silverchip.org> 2015
Niemand Jedermann <predatorix@web.de> 2015
Peter Vitt <petervitt@web.de> 2015
Robert Martinez <ntttq@inboxen.org> 2015
Ronny Pfannschmidt <opensource@ronnypfannschmidt.de> 2015
Sam Jaques <sam.jaques@me.com> 2015
Søren Løvborg <sorenl@unity3d.com> 2015
Tuux <tuxa@galaxie.eu.org> 2015
Viktar Palstsiuk <vipals@gmail.com> 2015
Dominik Ruf <dominikruf@gmail.com> 2012 2014
Bradley M. Kuhn <bkuhn@sfconservancy.org> 2014
Calinou <calinou@opmbx.org> 2014
Daniel Anderson <daniel@dattrix.com> 2014
Henrik Stuart <hg@hstuart.dk> 2014
Ingo von Borstel <kallithea@planetmaker.de> 2014
Jelmer Vernooij <jelmer@samba.org> 2014
Jim Hague <jim.hague@acm.org> 2014
Matt Fellows <kallithea@matt-fellows.me.uk> 2014
Max Roman <max@choloclos.se> 2014
Michal Čihař <michal@cihar.com> 2014
Na'Tosha Bard <natosha@unity3d.com> 2014
Rasmus Selsmark <rasmuss@unity3d.com> 2014
Tim Freund <tim@freunds.net> 2014
Travis Burtrum <android@moparisthebest.com> 2014
Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com> 2014
Marcin Kuźmiński <marcin@python-works.com> 2010-2013
xpol <xpolife@gmail.com> 2012-2013
Aparkar <aparkar@icloud.com> 2013
Dennis Brakhane <brakhane@googlemail.com> 2013
Grzegorz Rożniecki <xaerxess@gmail.com> 2013
Jonathan Sternberg <jonathansternberg@gmail.com> 2013
Leonardo Carneiro <leonardo@unity3d.com> 2013
Magnus Ericmats <magnus.ericmats@gmail.com> 2013
Martin Vium <martinv@unity3d.com> 2013
Simon Lopez <simon.lopez@slopez.org> 2013
Ton Plomp <tcplomp@gmail.com> 2013
Augusto Herrmann <augusto.herrmann@planejamento.gov.br> 2011-2012
Dan Sheridan <djs@adelard.com> 2012
Dies Koper <diesk@fast.au.fujitsu.com> 2012
Erwin Kroon <e.kroon@smartmetersolutions.nl> 2012
H Waldo G <gwaldo@gmail.com> 2012
hppj <hppj@postmage.biz> 2012
Indra Talip <indra.talip@gmail.com> 2012
mikespook 2012
nansenat16 <nansenat16@null.tw> 2012
Philip Jameson <philip.j@hostdime.com> 2012
Raoul Thill <raoul.thill@gmail.com> 2012
Stefan Engel <mail@engel-stefan.de> 2012
Tony Bussieres <t.bussieres@gmail.com> 2012
Vincent Caron <vcaron@bearstech.com> 2012
Vincent Duvert <vincent@duvert.net> 2012
Vladislav Poluhin <nuklea@gmail.com> 2012
Zachary Auclair <zach101@gmail.com> 2012
Ankit Solanki <ankit.solanki@gmail.com> 2011
Dmitri Kuznetsov 2011
Jared Bunting <jared.bunting@peachjean.com> 2011
Jason Harris <jason@jasonfharris.com> 2011
Les Peabody <lpeabody@gmail.com> 2011
Liad Shani <liadff@gmail.com> 2011
Lorenzo M. Catucci <lorenzo@sancho.ccd.uniroma2.it> 2011
Matt Zuba <matt.zuba@goodwillaz.org> 2011
Nicolas VINOT <aeris@imirhil.fr> 2011
Shawn K. O'Shea <shawn@eth0.net> 2011
Thayne Harbaugh <thayne@fusionio.com> 2011
Łukasz Balcerzak <lukaszbalcerzak@gmail.com> 2010
Andrew Kesterson <andrew@aklabs.net>
cejones
David A. Sjøen <david.sjoen@westcon.no>
James Rhodes <jrhodes@redpointsoftware.com.au>
Jonas Oberschweiber <jonas.oberschweiber@d-velop.de>
larikale
RhodeCode GmbH
Sebastian Kreutzberger <sebastian@rhodecode.com>
Steve Romanow <slestak989@gmail.com>
SteveCohen
Thomas <thomas@rhodecode.com>
Thomas Waldmann <tw-public@gmx.de>