id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux
11457,Login Redirect Security Check Overly Broad,dnagoda@…,,"I believe that the fix implemented for [http://code.djangoproject.com/ticket/5227 bug #5227] is overly broad. If the original URL contains a GET parameter that is itself a URL, then the resultant 'next' parameter created during the redirect to the login screen will look like this: {{{ /original/path/?param=http%3A//example.com/ }}} Given that the check for '//' in the redirect checks the entire string, a GET parameter as above will cause the security check to be triggered and the user will be redirected incorrectly. If the desire is to protect against redirect URLs that start with '//' (scheme-less URL), then I think it's better to be explicit and change [http://code.djangoproject.com/browser/django/branches/releases/1.0.X/django/contrib/auth/views.py#L24 line 24] of django.contrib.auth.views to this: {{{ if not redirect_to or redirect_to.startswith('//') or '://' in redirect_to or ' ' in redirect_to: }}}",,closed,contrib.auth,1.0,,fixed,auth login redirect next,dnagoda@… django@…,Accepted,1,0,0,0,0,0