[Zope-dev] zope.pluggableauth and "camefrom" information in login form not an absolute URL

Jan-Wijbrand Kolman janwijbrand at gmail.com
Tue Feb 8 03:59:59 EST 2011


On 2/7/11 18:03 PM, Roger wrote:
> Why not use the same pattern like I changed to in z3c.authenticator?
> There the camefrom request part was replaced by session handling.
>
> On the other side, I think your changes are fine since, I guess
> someone from gocept, a long time ago, fixed and protected the
> redirect method.

Ok, thanks for your feedback!

I applied the patch, added a test just to show that a redirect to a
suspicious URL will by default not work, and released zope.pluggableauth 1.3.

regards, jw


