Make permission denied redirects host relative.

This helps fix infinite redirect loops when HTTP_X_FORWARDED_HOST is set, and fixes redirects back to external domains on authentication errors. Fixes #3207
cakephp · Sep 14, 2012 · 0282194 · 0282194
1 parent d33f676
commit 0282194
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
@@ -332,7 +332,7 @@ public function startup(Controller $controller) {
 		if (!empty($this->loginRedirect)) {
 			$default = $this->loginRedirect;
 		}
-		$controller->redirect($controller->referer($default), null, true);
+		$controller->redirect($controller->referer($default, true), null, true);
 		return false;
 	}