kolan/obsolete.ChilliProject
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed: inappropriate redirection to login or register page may occur (#2206). Eg. user clicks login link twice before logging in.

Browse Source 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2062 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2008-11-27 20:15:45 +00:00
parent a6b6dc60f4
commit 5014b23c2a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/application.rb
View File

@ -127,8 +127,8 @@ class ApplicationController < ActionController::Base
back_url = CGI.unescape(params[:back_url].to_s) back_url = CGI.unescape(params[:back_url].to_s)
if !back_url.blank? if !back_url.blank?
uri = URI.parse(back_url) uri = URI.parse(back_url)
# do not redirect user to another host # do not redirect user to another host or to the login or register page
if uri.relative? || (uri.host == request.host) if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
redirect_to(back_url) and return redirect_to(back_url) and return
end end
end end