Changeset 6004

Timestamp: 08/25/07 13:34:28 (1 year ago)
Author: adrian
Message:

Fixed #5227 -- Made the redirect security check in django.contrib.auth.views.login() tighter. Thanks, Sander Dijkhuis

Files:

  • django/trunk/AUTHORS

    r5990 r6004  
    9595    deric@monowerks.com 
    9696    Max Derkachev <mderk@yandex.ru> 
     97    Sander Dijkhuis <sander.dijkhuis@gmail.com> 
    9798    Jordan Dimov <s3x3y1@gmail.com> 
    9899    dne@mayonnaise.net 
  • django/trunk/django/contrib/auth/views.py

    r5886 r6004  
    1818        if not errors: 
    1919            # Light security check -- make sure redirect_to isn't garbage. 
    20             if not redirect_to or '://' in redirect_to or ' ' in redirect_to: 
     20            if not redirect_to or '//' in redirect_to or ' ' in redirect_to: 
    2121                from django.conf import settings 
    2222                redirect_to = settings.LOGIN_REDIRECT_URL
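
Review bot: the comment above the changed condition (new line 20) still reads "Light security check -- make sure redirect_to isn't garbage" and does not say why `'//'` is now rejected. It should state that a value beginning with `//host` is a scheme-relative URL that a browser resolves to another host, which the old `'://'` test did not catch. The condition is also a substring match over the whole value, so a same-site path or query string that merely contains `//` silently falls back to settings.LOGIN_REDIRECT_URL; consider parsing redirect_to and rejecting only values that carry a scheme or a network location. The changeset lists only AUTHORS and views.py, so a regression test covering the `//` case would be worth adding alongside it.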