From 182b385734a62374c5f2ae30c07fdbbd84de8d7f Mon Sep 17 00:00:00 2001
From: mdipierro
Date: Tue, 23 Jul 2013 11:09:14 -0500
Subject: [PATCH] better next validation, thanks Andre Kablu
---
 VERSION | 2 +-
 gluon/tools.py | 13 +++++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/VERSION b/VERSION
index 28446fd5..40d80c03 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.6.0-development+timestamp.2013.07.23.08.39.39
+Version 2.6.0-development+timestamp.2013.07.23.11.07.29
diff --git a/gluon/tools.py b/gluon/tools.py
index dced42c2..545e359d 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -2048,10 +2048,15 @@ class Auth(object):
 if next is DEFAULT:
 # important for security
 next = self.settings.login_next
- if self.next:
- host = self.next.split('//',1)[-1].split('/')[0]
- if host in self.settings.cas_domains:
- next = self.next
+ user_next = self.next
+ if user_next:
+ external = user_next.split('://')
+ if external[0].lower() in ['http', 'https', 'ftp']:
+ host_next = user_next.split('//', 1)[-1].split('/')[0]
+ if host_next in self.settings.cas_domains:
+ next = user_next
+ else:
+ next = user_next
 if onvalidation is DEFAULT:
 onvalidation = self.settings.login_onvalidation
 if onaccept is DEFAULT:
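Review bot: The new scheme test in gluon/tools.py treats every `next` value that does not start with `http://`, `https://` or `ftp://` as local, so a scheme-relative value such as `//host/path`, or one with any other scheme, skips the `cas_domains` comparison and is assigned to `next` unchanged (this assumes the `else:` pairs with the scheme test; indentation is lost on this page). Since the comment above marks this as security-relevant redirect handling, the check would be safer as an allowlist: parse the value, accept it as local only when it has neither a scheme nor a network location, and otherwise require the host to be in `self.settings.cas_domains`. The sketch below does that with `urlparse.urlsplit`, assuming the module is or can be imported in this file, and also refuses backslashes, which browsers commonly normalise to `/`. The enclosing Auth method begins and ends outside the hunk, so how `next` is finally used is not visible here.

```python
user_next = self.next
if user_next:
    parts = urlparse.urlsplit(user_next)
    if parts.scheme or parts.netloc:
        # absolute or scheme-relative target: only listed hosts are allowed
        if parts.scheme.lower() in ('', 'http', 'https', 'ftp') and \
                parts.netloc in self.settings.cas_domains:
            next = user_next
    elif '\\' not in user_next:
        # no scheme and no host: a path inside this application
        next = user_next
# … unchanged: onvalidation / onaccept defaults …
```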