From 6180c75a080e1d3c4110f70daa93580ad4ad2e7e Mon Sep 17 00:00:00 2001
From: tobes
Date: Wed, 26 Jun 2013 11:59:09 +0100
Subject: [PATCH] [#1039] make sure came_from url is sane (local)

---
 ckan/controllers/user.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/ckan/controllers/user.py b/ckan/controllers/user.py
index e2cb1ee2db5..78f4db4f037 100644
--- a/ckan/controllers/user.py
+++ b/ckan/controllers/user.py
@@ -1,5 +1,6 @@
 import logging
 from urllib import quote
+from urlparse import urlparse
 
 from pylons import config
 
@@ -332,7 +333,7 @@ def login(self, error=None):
     def logged_in(self):
         # redirect if needed
         came_from = request.params.get('came_from', '')
-        if came_from:
+        if self._sane_came_from(came_from):
             return h.redirect_to(str(came_from))
 
         if c.user:
@@ -368,7 +369,7 @@ def logout(self):
     def logged_out(self):
         # redirect if needed
         came_from = request.params.get('came_from', '')
-        if came_from:
+        if self._sane_came_from(came_from):
             return h.redirect_to(str(came_from))
 
         h.redirect_to(controller='user', action='logged_out_page')
@@ -640,3 +641,11 @@ def unfollow(self, id):
                     or e.error_dict)
             h.flash_error(error_message)
             h.redirect_to(controller='user', action='read', id=id)
+
+    def _sane_came_from(self, url):
+        '''Returns True if came_from is local'''
+        return not bool(not url
+                        # url has a scheme eg http://
+                        or urlparse(url).scheme
+                        # url starts with // which can be none relative
+                        or (len(url) >= 2 and url.startswith('//')))
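Review bot: A came_from value that fails `_sane_came_from` is now dropped silently in logged_in, and the same pattern appears in the logged_out hunk, so an operator has no record that a non-local redirect target was presented and refused. Since the file imports `logging` at the top, consider an `elif came_from: log.warning('ignoring non-local came_from %r', came_from)` branch after the `if` in both methods, assuming a module-level `log` exists (it is not visible in these hunks). A warning is enough here; the request should still fall through to the default redirect exactly as it does now. Both logged_in and logged_out continue past the end of their hunks.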
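Review bot: The new `_sane_came_from` check still accepts values such as `/\evil.example` (constructed example), because `urlparse` reports no scheme for them and they do not start with `//`, yet browsers normalise a backslash to a slash and treat the result as a scheme-relative URL to another host. Normalising before the prefix test closes that gap: `return bool(url) and not urlparse(url).scheme and not url.replace('\\', '/').startswith('//')`, which also removes the double negation and the redundant `len(url) >= 2` guard (`startswith` already handles short strings). The docstring should state the contract it enforces, e.g. `'''Return True if url is safe to redirect to: non-empty, has no scheme, and is not scheme-relative (//host or the backslash equivalent).'''`. Whether `urlparse` can raise on malformed input in this Python version is not visible here; if it can, the caller should treat an exception as "not sane".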