On 2/7/11 12:04 PM, Adam GROSZER wrote:
> I'm not sure whether you open up a security hole there.
> Imagine that someone does a
> We ended up with storing the camefrom URL in a session variable.
The redirect method in the zope publisher checks whether the redirect is
"trusted" to go to a different host. The trusted arguments is "False" by
default. I think will catch this situation just fine. Or doesn't it?
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -