Ticket #12534: 12534.patch

File 12534.patch, 915 bytes (added by Jannis Vajen, 14 years ago)

Removes check for space in redirect_to

  • django/contrib/auth/views.py

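diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index 8d0453f..c34a4a3 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -34,11 +34,11 @@ def login(request, template_name='registration/login.html',
         if form.is_valid():
             netloc = urlparse.urlparse(redirect_to)[1]
 
-            # Light security check -- make sure redirect_to isn't garbage.
-            if not redirect_to or ' ' in redirect_to:
+            # Use default setting if redirect_to is empty
+            if not redirect_to:
                 redirect_to = settings.LOGIN_REDIRECT_URL
 
-            # Heavier security check -- don't allow redirection to a different
+            # Security check -- don't allow redirection to a different
             # host.
             elif netloc and netloc != request.get_host():
                 redirect_to = settings.LOGIN_REDIRECT_URL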
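Review bot: With the `' ' in redirect_to` filter gone, the only validation left on `redirect_to` is the `netloc != request.get_host()` comparison at new lines 41-44, and that comparison is skipped whenever `urlparse` returns an empty netloc. A value that carries a scheme but no authority component therefore passes through unchanged, so the branch should also constrain the scheme, e.g. `scheme, netloc = urlparse.urlparse(redirect_to)[:2]` and `elif (scheme and scheme not in ('http', 'https')) or (netloc and netloc != request.get_host()):`. `redirect_to` is presumably taken from the request (its assignment is outside the hunk, as is the rest of `login`), so a regression test covering space-containing, scheme-only and foreign-host values would pin the intended behaviour.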