Not a security issue but definitely something is wrong. Not in the call
you show but it appears sometimes you have two _next parameters as in
...login/_next=...&_next=....
so in your code you should do

    if isinstance(request.vars._next, list):
        request.vars._next = request.vars._next[0]
    if 'default/index' in request.vars._next:
        pass  # do something...

On Sunday, 2 August 2015 21:01:45 UTC-5, Alex Glaros wrote:
>
> I typed this in user.html
>
> {{=request.get_vars}} : print request.get_vars <br>
> {{=request.post_vars}} : print request.post_vars
>
>
> and got this:
>
> <Storage {'_next': '/ES1/default/index'}> : print request.get_vars
> <Storage {}> : print request.post_vars
>
> It's a little over my head so will postpone working on it until I know w2p
> a little better. Unless anyone thinks this is a major security issue.
>
> thanks
>
> Alex
>
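
The effect of a repeated _next parameter on the 'default/index' check, as an added example that is not part of the original message and is not web2py code. It assumes, as the reply describes, that a parameter seen twice arrives as a list; build_vars is a hypothetical standard-library stand-in for request.vars, and the login URLs are constructed.

```python
from urllib.parse import parse_qs, urlsplit


def build_vars(url):
    """Hypothetical stand-in for request.vars: a parameter seen once stays a
    string, a parameter seen several times becomes a list of strings."""
    parsed = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[0] if len(v) == 1 else v for k, v in parsed.items()}


def first_next(vars_):
    """Return one _next string (the first if repeated), or None if absent."""
    value = vars_.get('_next')
    if isinstance(value, list):
        value = value[0]
    return value


def naive_is_index(vars_):
    """Check without normalizing. On a str, `in` is a substring test; on a
    list it is element equality, so the check silently turns False."""
    value = vars_.get('_next')
    return value is not None and 'default/index' in value


def normalized_is_index(vars_):
    """Same check after collapsing a repeated _next to a single string."""
    value = first_next(vars_)
    return value is not None and 'default/index' in value


# Constructed sample URLs; only '/ES1/default/index' comes from the thread.
SINGLE = '/ES1/default/user/login?_next=/ES1/default/index'
DOUBLE = SINGLE + '&_next=/ES1/default/index'
MISSING = '/ES1/default/user/login'

if __name__ == '__main__':
    for label, url in (('single', SINGLE), ('double', DOUBLE), ('missing', MISSING)):
        v = build_vars(url)
        print(label, v.get('_next'), naive_is_index(v), normalized_is_index(v))
```

With the doubled parameter the unnormalized check returns False even though both values contain 'default/index', which is why the isinstance step has to come first.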