From 5014b23c2ae4a4542ba694d6b9799197609a0a7f Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Thu, 27 Nov 2008 20:15:45 +0000 Subject: [PATCH] Fixed: inappropriate redirection to login or register page may occur (#2206). Eg. user clicks login link twice before logging in. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2062 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/application.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 2f8f493cd..e5719a059 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -127,8 +127,8 @@ class ApplicationController < ActionController::Base back_url = CGI.unescape(params[:back_url].to_s) if !back_url.blank? uri = URI.parse(back_url) - # do not redirect user to another host - if uri.relative? || (uri.host == request.host) + # do not redirect user to another host or to the login or register page + if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)}) redirect_to(back_url) and return end end -- 2.39.5