From 5014b23c2ae4a4542ba694d6b9799197609a0a7f Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Thu, 27 Nov 2008 20:15:45 +0000
Subject: [PATCH] Fixed: inappropriate redirection to login or register page
 may occur (#2206). Eg. user clicks login link twice before logging in.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2062 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/application.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 2f8f493cd..e5719a059 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -127,8 +127,8 @@ class ApplicationController < ActionController::Base
     back_url = CGI.unescape(params[:back_url].to_s)
     if !back_url.blank?
       uri = URI.parse(back_url)
-      # do not redirect user to another host
-      if uri.relative? || (uri.host == request.host)
+      # do not redirect user to another host or to the login or register page
+      if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
         redirect_to(back_url) and return
       end
     end
-- 
2.39.5