[Zope-dev] zope.pluggableauth and camefrom information in login form not an absolute URL

2011-02-07 Thread Jan-Wijbrand Kolman
Hi, The SessionCredentialsPlugin will redirect to a login form whenever a user needs to be authenticated. The URL to this login form will have a camefrom query string, where the camefrom is the path-information to the originally requested view. When the credentials provided by the user are

Re: [Zope-dev] zope.pluggableauth and camefrom information in login form not an absolute URL

2011-02-07 Thread Adam GROSZER
Hello, I'm not sure whether you open up a security hole there. Imagine that someone does a http://yoursite.com/@@loginform.html?camefrom=http://mysite.com We ended up with storing the camefrom URL in a session variable. On Mon, 07 Feb 2011 10:42:33 +0100 you wrote: Hi, The

Re: [Zope-dev] zope.pluggableauth and camefrom information in login form not an absolute URL

2011-02-07 Thread Jan-Wijbrand Kolman
On 2/7/11 12:04 PM, Adam GROSZER wrote: Hello, I'm not sure whether you open up a security hole there. Imagine that someone does a http://yoursite.com/@@loginform.html?camefrom=http://mysite.com We ended up with storing the camefrom URL in a session variable. The redirect method in the zope

Re: [Zope-dev] zope.pluggableauth and camefrom information in login form not an absolute URL

2011-02-07 Thread Adam GROSZER
Hello, On Mon, 07 Feb 2011 12:15:40 +0100 you wrote: On 2/7/11 12:04 PM, Adam GROSZER wrote: Hello, I'm not sure whether you open up a security hole there. Imagine that someone does a http://yoursite.com/@@loginform.html?camefrom=http://mysite.com We ended up with storing the camefrom URL

[Zope-dev] Zope Tests: 112 OK, 23 Failed

2011-02-07 Thread Zope Tests Summarizer
Summary of messages to the zope-tests list. Period Sun Feb 6 12:00:00 2011 UTC to Mon Feb 7 12:00:00 2011 UTC. There were 135 messages: 8 from Zope Tests, 4 from buildbot at pov.lt, 31 from buildbot at winbot.zope.org, 11 from ccomb at free.fr, 81 from jdriessen at thehealthagency.com. Test

Re: [Zope-dev] zope.pluggableauth and camefrom information in login form not an absolute URL

2011-02-07 Thread Jan-Jaap Driessen
On 7 February 2011 12:29, Adam GROSZER agros...@gmail.com wrote: Hello, On Mon, 07 Feb 2011 12:15:40 +0100 you wrote: On 2/7/11 12:04 PM, Adam GROSZER wrote: Hello, I'm not sure whether you open up a security hole there. Imagine that someone does a

Re: [Zope-dev] zope.pluggableauth and camefrom information in login form not an absolute URL

2011-02-07 Thread Roger
Hi all information in login form not an absolute URL Hello, On Mon, 07 Feb 2011 12:15:40 +0100 you wrote: On 2/7/11 12:04 PM, Adam GROSZER wrote: Hello, I'm not sure whether you open up a security hole there. Imagine that someone does a

[Zope-dev] Time for a z3c.blobfile release

2011-02-07 Thread Laurence Rowe
There have been a couple of fixes to z3c.blobfile. Would one of the package owners (uoestermeier, nadako) be able to make a new release to pypi? Thanks! Laurence