better next validation, thanks Andre Kablu

2013-07-23 11:09:14 -05:00
parent a340de8c1e
commit 182b385734
2 changed files with 10 additions and 5 deletions
@@ -1 +1 @@
-Version 2.6.0-development+timestamp.2013.07.23.08.39.39
+Version 2.6.0-development+timestamp.2013.07.23.11.07.29
@@ -2048,10 +2048,15 @@ class Auth(object):
        if next is DEFAULT:
            # important for security
            next = self.settings.login_next
-            if self.next:
-                host = self.next.split('//',1)[-1].split('/')[0]
-                if host in self.settings.cas_domains:
-                    next = self.next
+            user_next = self.next
+            if user_next:
+                external = user_next.split('://')
+                if external[0].lower() in ['http', 'https', 'ftp']:
+                    host_next = user_next.split('//', 1)[-1].split('/')[0]
+                    if host_next in self.settings.cas_domains:
+                        next = user_next
+                else:
+                    next = user_next
        if onvalidation is DEFAULT:
            onvalidation = self.settings.login_onvalidation
        if onaccept is DEFAULT: