@@ -127,8 +127,8 class ApplicationController < ActionController::Base | |||
|
127 | 127 | back_url = CGI.unescape(params[:back_url].to_s) |
|
128 | 128 | if !back_url.blank? |
|
129 | 129 | uri = URI.parse(back_url) |
|
130 | # do not redirect user to another host | |
|
131 | if uri.relative? || (uri.host == request.host) | |
|
130 | # do not redirect user to another host or to the login or register page | |
|
131 | if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)}) | |
|
132 | 132 | redirect_to(back_url) and return |
|
133 | 133 | end |
|
134 | 134 | end |
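Review bot: The host test on the new line 131 still accepts any URI that has no scheme, and `uri.relative?` is also true for a scheme-less URL that carries its own host, so the "do not redirect user to another host" guarantee in the comment is not fully enforced. Requiring that a relative target has no host would close that gap: `if ((uri.relative? && uri.host.nil?) || uri.host == request.host) && !uri.path.match(%r{/(login|account/register)})`. Separately, the added path pattern is unanchored, so it also refuses any path that merely contains `/login` (for example a project whose identifier starts with "login"); anchoring the end, as in `%r{/(login|account/register)\z}`, would narrow it, assuming no trailing segments need to be covered. The enclosing method starts and ends outside the hunk, so it is not visible whether a `URI::InvalidURIError` from `URI.parse` is rescued there.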