On 2/7/11 18:03 PM, Roger wrote:
> why not use the same pattern like I changed to in z3c.authenticator.
> There the camefrom request part was replaced by session handling.
> On the other side, I think your changes are fine since, I guess
> someone from gocept, a long time ago, fixed and protected the
> redirect method.

Ok, thanks for your feedback!

I applied the patch, added a test just to show a redirect to a 
suspicious URL will by default not work and released zope.pluggableauth 1.3

regards, jw

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to