On 2/7/11 18:03 PM, Roger wrote:
> why not use the same pattern like I changed to in z3c.authenticator.
> There the camefrom request part was replaced by session handling.
> On the other side, I think your changes are fine since, I guess
> someone from gocept, a long time ago, fixed and protected the
> redirect method.
Ok, thanks for your feedback!
I applied the patch, added a test just to show a redirect to a
suspicious URL will by default not work and released zope.pluggableauth 1.3
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -