On 09/16/2015 03:55 PM, Andrew Shadura wrote:
# HG changeset patch
# User Andrew Shadura <[email protected]>
# Date 1442411574 -7200
# Wed Sep 16 15:52:54 2015 +0200
# Node ID 69ea9fc01a602f290b9e78b7cd057a899fa5ff37
# Parent 889ff0f436c8b57f5962e204e699cbabc6d33aac
login: strip possible prefix from came_from if it's present
Also, reject came_from URL not belonging to our application.
It seems to be that the problem is that we put the absolute URL
(url.current()) in came_from; instead we should use PATH_INFO which is
relative to SCRIPT_NAME.
Alternatively, _redirect_to_origin should avoid using the url() function
that will prepend SCRIPT_NAME again ... but that seems less elegant...
/Mads
_______________________________________________
kallithea-general mailing list
[email protected]
http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
