authorJean-Philippe Lang <jp_lang@yahoo.fr>2008-11-27 20:15:45 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2008-11-27 20:15:45 +0000
commit5014b23c2ae4a4542ba694d6b9799197609a0a7f (patch)
tree213a5af94537207eac941aba5329a8e407f7dce9
parenta6b6dc60f44f3d1cb28cbcb037c647f33c7e834b (diff)
downloadredmine-5014b23c2ae4a4542ba694d6b9799197609a0a7f.tar.gz
redmine-5014b23c2ae4a4542ba694d6b9799197609a0a7f.zip
Fixed: inappropriate redirection to login or register page may occur (#2206). Eg. user clicks login link twice before logging in.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2062 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/controllers/application.rb4
1 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 2f8f493cd..e5719a059 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -127,8 +127,8 @@ class ApplicationController < ActionController::Base
back_url = CGI.unescape(params[:back_url].to_s)
if !back_url.blank?
uri = URI.parse(back_url)
- # do not redirect user to another host
- if uri.relative? || (uri.host == request.host)
+ # do not redirect user to another host or to the login or register page
+ if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
redirect_to(back_url) and return
end
end
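Review bot: The host check on the new `if` line still relies on `uri.relative?`, which in Ruby's URI only means "no scheme", so a scheme-less `back_url` that carries a host of its own passes the first branch without being compared to `request.host`. The relative branch should also require an empty host, for example `if ((uri.relative? && uri.host.nil?) || uri.host == request.host) && !uri.path.match(%r{/(login|account/register)})`. Separately, the added pattern is unanchored, so any path that merely contains `/login` (a project or wiki page whose name starts with "login", say) is also refused as a return target; matching the end of the path, e.g. `%r{/(login|account/register)/?\z}`, would limit it to the two pages named in the comment. `URI.parse` raises `URI::InvalidURIError` on malformed input, and the enclosing method starts and ends outside the hunk, so whether that is rescued cannot be confirmed from here.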