changeset 5509:ad131f703996 stable
login: make it clear that an invalid came_from is an invalid request
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Sun, 20 Sep 2015 22:22:50 +0200 |
parents | b98f4431671c |
children | a0a9ae753cc4 |
files | kallithea/controllers/login.py |
diffstat | 1 files changed, 4 insertions(+), 1 deletions(-) [+] |
--- a/kallithea/controllers/login.py Sun Sep 20 22:22:50 2015 +0200
+++ b/kallithea/controllers/login.py Sun Sep 20 22:22:50 2015 +0200
@@ -76,7 +76,10 @@ def index(self):
 c.came_from = safe_str(request.GET.pop('came_from', ''))
- if self._validate_came_from(c.came_from):
+ if c.came_from:
+ if not self._validate_came_from(c.came_from):
+ log.error('Invalid came_from (not server-relative): %r', c.came_from)
+ raise HTTPBadRequest()
 came_from = url(c.came_from, **request.GET)
 else:
 c.came_from = came_from = url('home')
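Review bot: The new `log.error(...)` call in the invalid-`came_from` branch can be reached by any request to the login page that carries a bad `came_from`, so both the number and the size of error-level entries are under client control. `%r` already escapes control characters, which keeps each entry on one line, but the value is logged at full length. Consider `log.warning('Invalid came_from (not server-relative): %r', c.came_from[:200])` (the 200 cap is an illustrative value) so that probing does not fill the error level that operators alert on. `_validate_came_from` is outside the hunk, so what it accepts beyond the server-relative check cannot be confirmed here, and `index` continues past the last line shown.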