8 Feb
2011
8 Feb
'11
8:59 a.m.
On 2/7/11 18:03 PM, Roger wrote:
why not use the same pattern like I changed to in z3c.authenticator. There the camefrom request part was replaced by session handling.
On the other side, I think your changes are fine since, I guess someone from gocept, a long time ago, fixed and protected the redirect method.
Ok, thanks for your feedback! I applied the patch, added a test just to show a redirect to a suspicious URL will by default not work and released zope.pluggableauth 1.3 regards, jw