From: Jean-Philippe Lang
Date: Thu, 27 Nov 2008 20:15:45 +0000 (+0000)
Subject: Fixed: inappropriate redirection to login or register page may occur (#2206). Eg...
X-Git-Tag: 0.8.0-RC1~38
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=5014b23c2ae4a4542ba694d6b9799197609a0a7f;p=redmine.git
Fixed: inappropriate redirection to login or register page may occur (#2206). Eg. user clicks login link twice before logging in.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2062 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 2f8f493cd..e5719a059 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -127,8 +127,8 @@ class ApplicationController < ActionController::Base
 back_url = CGI.unescape(params[:back_url].to_s)
 if !back_url.blank?
 uri = URI.parse(back_url)
- # do not redirect user to another host
- if uri.relative? || (uri.host == request.host)
+ # do not redirect user to another host or to the login or register page
+ if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
 redirect_to(back_url) and return
 end
 end
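Review bot: The rewritten condition still accepts any `back_url` for which `uri.relative?` is true, and in Ruby's URI that means "no scheme", not "no host". A scheme-less network-path reference (`//host/path`) therefore parses with a host set but skips the `uri.host == request.host` comparison, so the "do not redirect user to another host" comment does not hold for that form. Comparing the host whenever one is present closes this, e.g. `if ((uri.relative? && uri.host.nil?) || uri.host == request.host) && !uri.path.match(%r{/(login|account/register)})`. Separately, the new path pattern is unanchored, so it also drops legitimate return paths that merely contain `/login` (a project or wiki page whose name starts with "login", say); matching on a path-segment boundary would avoid that. `URI.parse` in the context line above can raise on a malformed `back_url` and looks unhandled here, though the enclosing method starts and ends outside the hunk.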