[#1419] Abort with 403 when attempting external redirect

ckan · Jun 26, 2014 · 4bd1f10 · 4bd1f10
1 parent c884448
commit 4bd1f10
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/ckan/controllers/util.py b/ckan/controllers/util.py
@@ -3,6 +3,7 @@
 import ckan.lib.base as base
 import ckan.lib.i18n as i18n
 import ckan.lib.helpers as h
+from ckan.common import _
 
 
 class UtilController(base.BaseController):
@@ -15,7 +16,7 @@ def redirect(self):
         if h.url_is_local(url):
             return base.redirect(url)
         else:
-            return h.redirect_to(controller='home', action='index')
+            base.abort(403, _('Redirecting to external site at %s not allowed.') % url)
 
     def primer(self):
         ''' Render all html components out onto a single page.