Fixed #5227 -- Made the redirect security check in django.contrib.auth.views.login() tighter. Thanks, Sander Dijkhuis

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6004 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 375c88d2bcb98e80b38b0ad3b6e7116b80c13064 1 parent b3103fe
Adrian Holovaty authored August 25, 2007
1  AUTHORS
@@ -94,6 +94,7 @@ answer newbie questions, and generally made Django that much better:
94 94
     Alex Dedul
95 95
     deric@monowerks.com
96 96
     Max Derkachev <mderk@yandex.ru>
  97
+    Sander Dijkhuis <sander.dijkhuis@gmail.com>
97 98
     Jordan Dimov <s3x3y1@gmail.com>
98 99
     dne@mayonnaise.net
99 100
     Maximillian Dornseif <md@hudora.de>
2  django/contrib/auth/views.py
@@ -17,7 +17,7 @@ def login(request, template_name='registration/login.html'):
17 17
         errors = manipulator.get_validation_errors(request.POST)
18 18
         if not errors:
19 19
             # Light security check -- make sure redirect_to isn't garbage.
20  
-            if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
  20
+            if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
21 21
                 from django.conf import settings
22 22
                 redirect_to = settings.LOGIN_REDIRECT_URL
23 23
             from django.contrib.auth import login
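
Review bot: The condition on new line 20 is still a substring denylist ('//' in redirect_to or ' ' in redirect_to) rather than a positive check that redirect_to is a path on this site, so it stays correct only as long as every off-site form happens to contain one of those substrings. Consider parsing the value and accepting it only when it has no scheme, no network location, and starts with a single '/', falling back to settings.LOGIN_REDIRECT_URL otherwise. The new test also rejects legitimate local targets whose query string contains a double slash, which silently sends those users to the default page. The comment on line 19 ("make sure redirect_to isn't garbage") should state that the purpose is to keep the post-login redirect on-site, and the visible diff carries no test for the accepted and rejected cases.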
