changeset 5512:8ee17ef21796 stable

login: use server-relative URLs in came_from correctly

Using h.url to combine came_from with query parameters caused the SCRIPT_NAME to incorrectly be prepended to came_from, even though it was already present. This was not a problem if the Kallithea instance was served directly from the server root ('/') as is common, but broke setups where Kallithea was served from a prefix.
author Søren Løvborg <sorenl@unity3d.com>
date Fri, 18 Sep 2015 13:57:49 +0200
parents b537babcf966
children cf21a36ac3bb
files kallithea/controllers/login.py
diffstat 1 files changed, 3 insertions(+), 4 deletions(-) [+]
--- a/kallithea/controllers/login.py	Fri Sep 18 13:57:49 2015 +0200
+++ b/kallithea/controllers/login.py	Fri Sep 18 13:57:49 2015 +0200
@@ -67,16 +67,15 @@
             if not self._validate_came_from(c.came_from):
                 log.error('Invalid came_from (not server-relative): %r', c.came_from)
                 raise HTTPBadRequest()
-            came_from = url(c.came_from)
         else:
-            c.came_from = came_from = url('home')
+            c.came_from = url('home')
 
         not_default = self.authuser.username != User.DEFAULT_USER
         ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr)
 
         # redirect if already logged in
         if self.authuser.is_authenticated and not_default and ip_allowed:
-            raise HTTPFound(location=came_from)
+            raise HTTPFound(location=c.came_from)
 
         if request.POST:
             # import Login Form validator class
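Review bot: Both `raise HTTPFound(location=c.came_from)` redirects (the already-logged-in one here and the post-`log_in_user` one in the second hunk) now send the request-supplied value to the Location header unchanged, so `_validate_came_from` is the only open-redirect guard, and nothing in the code states that invariant. I would add a comment above the validation such as `# c.came_from is used verbatim as a redirect target below; it must have passed _validate_came_from`. The validator's body is outside this diff, so it is worth confirming (and pinning with a test) that it rejects scheme-relative and backslash forms like `//host` as well as absolute URLs, alongside a regression test with a non-root SCRIPT_NAME for the prefix case this commit fixes. The enclosing method starts and ends outside the hunks, so whether code between them reassigns `c.came_from` cannot be checked from here.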
@@ -106,7 +105,7 @@
             else:
                 log_in_user(user, c.form_result['remember'],
                     is_external_auth=False)
-                raise HTTPFound(location=came_from)
+                raise HTTPFound(location=c.came_from)
 
         return render('/login.html')