diff --git a/VERSION b/VERSION
index f8a2f479..1e9bc0d6 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.6.0-development+timestamp.2013.07.22.14.51.29
+Version 2.6.0-development+timestamp.2013.07.23.02.04.35
diff --git a/gluon/tools.py b/gluon/tools.py
index 59747ce6..dced42c2 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -2046,7 +2046,12 @@ class Auth(object):
 ### pass
 if next is DEFAULT:
- next = self.next or self.settings.login_next
+ # important for security
+ next = self.settings.login_next
+ if self.next:
+ host = self.next.split('//',1)[-1].split('/')[0]
+ if host in self.settings.cas_domains:
+ next = self.next
 if onvalidation is DEFAULT:
 onvalidation = self.settings.login_onvalidation
 if onaccept is DEFAULT:
diff --git a/gluon/validators.py b/gluon/validators.py
index 21d94a2f..7b4294f1 100644
--- a/gluon/validators.py
+++ b/gluon/validators.py
@@ -351,14 +351,12 @@ class IS_JSON(Validator):
 self.error_message = error_message
 def __call__(self, value):
- if value is None:
- return None
 try:
 if self.native_json:
 simplejson.loads(value) # raises error in case of malformed json
 return (value, None) # the serialized value is not passed
 return (simplejson.loads(value), None)
- except JSONErrors, e:
+ except JSONErrors:
 return (value, translate(self.error_message))
 def formatter(self,value):
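Review bot: The added `host = self.next.split('//',1)[-1].split('/')[0]` line derives the host by string splitting, so the scheme is never examined and the extracted value still carries any userinfo or port; the allow-list comparison against `cas_domains` therefore depends on the exact string form rather than on the parsed hostname. Parsing with the standard library and checking both parts is sturdier: `parts = urlparse.urlsplit(self.next)` followed by `if parts.scheme in ('http', 'https') and parts.hostname in self.settings.cas_domains:` (this needs `urlparse` in scope, which the hunk does not show). A relative `self.next` yields an empty host here, so unless `cas_domains` contains an empty string (its contents are not visible) same-application targets now fall back to `login_next`. If that is intended, the `# important for security` comment should say so, for example `# only honour self.next when its host is in cas_domains (open-redirect guard)`. The enclosing method begins and ends outside the hunk.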
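Review bot: With the `if value is None` guard removed, a `None` value now reaches `simplejson.loads(value)`, and whether that ends as a validation error or as an unhandled exception depends on `JSONErrors` including `TypeError`; `JSONErrors` is defined outside this hunk, so that should be confirmed. If it does, the caller gets the proper `(value, error)` tuple instead of the old bare `None`, and a short comment above the `try:` would record the intent, for example `# None is rejected as invalid JSON: loads(None) raises TypeError, caught via JSONErrors`. `__call__` also has no docstring; one line stating that it returns `(value, None)` on success and `(value, error_message)` on failure would make the validator contract explicit.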