Fixed #5227 -- Made the redirect security check in…

Fixed #5227 -- Made the redirect security check in django.contrib.auth.views.login() tighter. Thanks, Sander Dijkhuis git-svn-id: http://code.djangoproject.com/svn/django/trunk@6004 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #5227 -- Made the redirect security check in…
Fixed #5227 -- Made the redirect security check in django.contrib.auth.views.login() tighter. Thanks, Sander Dijkhuis git-svn-id: http://code.djangoproject.com/svn/django/trunk@6004 bcc190cf-cafb-0310-a4f2-bffc1f526a37
375c88d2 · Adrian Holovaty · b3103fee · 375c88d2 · 375c88d2
Kaydet (Commit) 375c88d2 authored Agu 25, 2007 tarafından Adrian Holovaty
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

AUTHORS AUTHORS +1 -0

views.py django/contrib/auth/views.py +1 -1

No files found.
--- a/AUTHORS
+++ b/AUTHORS
@@ -94,6 +94,7 @@ answer newbie questions, and generally made Django that much better:
    Alex Dedul
    deric@monowerks.com
    Max Derkachev <mderk@yandex.ru>
+    Sander Dijkhuis <sander.dijkhuis@gmail.com>
    Jordan Dimov <s3x3y1@gmail.com>
    dne@mayonnaise.net
    Maximillian Dornseif <md@hudora.de>

--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -17,7 +17,7 @@ def login(request, template_name='registration/login.html'):
        errors = manipulator.get_validation_errors(request.POST)
        if not errors:
            # Light security check -- make sure redirect_to isn't garbage.
-            if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
+            if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
                from django.conf import settings
                redirect_to = settings.LOGIN_REDIRECT_URL
            from django.contrib.auth import login