jro_apps/redmine Commit - r2060:5014b23c2ae4

Fixed: inappropriate redirection to login or register page may occur (#2206). Eg. user clicks login link twice before logging in....

Jean-Philippe Lang -

r2060:5014b23c2ae4

parent child

Context file:

r2060:5014b23c2ae4

app/controllers/application.rb +2 -2

                 back_url = CGI.unescape(params[:back_url].to_s)
                 if !back_url.blank?
                   uri = URI.parse(back_url)
-                  # do not redirect user to another host
+                  # do not redirect user to another host or to the login or register page
-                  if uri.relative? || (uri.host == request.host)
+                  if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
                     redirect_to(back_url) and return
                   end
                 end

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages