Mercurial > kallithea
changeset 5512:8ee17ef21796 stable
login: use server-relative URLs in came_from correctly
Using h.url to combine came_from with query parameters caused the
SCRIPT_NAME to incorrectly be prepended to came_from, even though
it was already present. This was not a problem if the Kallithea
instance was served directly from the server root ('/') as is common,
but broke setups where Kallithea was served from a prefix.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Fri, 18 Sep 2015 13:57:49 +0200 |
parents | b537babcf966 |
children | cf21a36ac3bb |
files | kallithea/controllers/login.py |
diffstat | 1 files changed, 3 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/controllers/login.py Fri Sep 18 13:57:49 2015 +0200 +++ b/kallithea/controllers/login.py Fri Sep 18 13:57:49 2015 +0200 @@ -67,16 +67,15 @@ if not self._validate_came_from(c.came_from): log.error('Invalid came_from (not server-relative): %r', c.came_from) raise HTTPBadRequest() - came_from = url(c.came_from) else: - c.came_from = came_from = url('home') + c.came_from = url('home') not_default = self.authuser.username != User.DEFAULT_USER ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr) # redirect if already logged in if self.authuser.is_authenticated and not_default and ip_allowed: - raise HTTPFound(location=came_from) + raise HTTPFound(location=c.came_from) if request.POST: # import Login Form validator class @@ -106,7 +105,7 @@ else: log_in_user(user, c.form_result['remember'], is_external_auth=False) - raise HTTPFound(location=came_from) + raise HTTPFound(location=c.came_from) return render('/login.html')