From 2d59e86ab985f1c83a95432a0035159230bcdc7f Mon Sep 17 00:00:00 2001
From: mdipierro
Date: Tue, 23 Jul 2013 01:05:09 -0500
Subject: [PATCH 1/2] removed e, no None in IS_JSON

---
 VERSION             | 2 +-
 gluon/validators.py | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/VERSION b/VERSION
index f8a2f479..e1bfa671 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.6.0-development+timestamp.2013.07.22.14.51.29
+Version 2.6.0-development+timestamp.2013.07.23.01.03.38
diff --git a/gluon/validators.py b/gluon/validators.py
index 21d94a2f..7b4294f1 100644
--- a/gluon/validators.py
+++ b/gluon/validators.py
@@ -351,14 +351,12 @@ class IS_JSON(Validator):
         self.error_message = error_message
 
     def __call__(self, value):
-        if value is None:
-            return None
         try:
             if self.native_json:
                 simplejson.loads(value) # raises error in case of malformed json
                 return (value, None) # the serialized value is not passed
             return (simplejson.loads(value), None)
-        except JSONErrors, e:
+        except JSONErrors:
             return (value, translate(self.error_message))
 
     def formatter(self,value):

From e6271dd5f111edf817eeafb1d71f88f4009f9850 Mon Sep 17 00:00:00 2001
From: mdipierro
Date: Tue, 23 Jul 2013 02:06:42 -0500
Subject: [PATCH 2/2] fixed possible _next vulnerability

---
 VERSION        | 2 +-
 gluon/tools.py | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/VERSION b/VERSION
index e1bfa671..1e9bc0d6 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.6.0-development+timestamp.2013.07.23.01.03.38
+Version 2.6.0-development+timestamp.2013.07.23.02.04.35
diff --git a/gluon/tools.py b/gluon/tools.py
index 59747ce6..dced42c2 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
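Review bot: With the `if value is None: return None` guard removed, a None (or any other non-string) value now reaches `simplejson.loads`, which raises TypeError rather than a JSON decode error, and whether that becomes the validator's error message depends entirely on the `JSONErrors` tuple, which is defined outside this hunk and not visible here. If that tuple does not include TypeError, an absent or empty form field would surface as an unhandled exception instead of a validation error, so the intent of the subject line ("no None in IS_JSON") should not rest on it; an explicit guard before the `try` makes the behaviour independent of the tuple: `if not isinstance(value, basestring): return (value, translate(self.error_message))` (`str` if this file is ever ported to Python 3; the `except JSONErrors, e` syntax shows it is Python 2 today). The `__call__` method is complete within the hunk, but the `IS_JSON` class continues outside it.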
@@ -2046,7 +2046,12 @@ class Auth(object): ### pass if next is DEFAULT: - next = self.next or self.settings.login_next + # important for security + next = self.settings.login_next + if self.next: + host = self.next.split('//',1)[-1].split('/')[0] + if host in self.settings.cas_domains: + next = self.next if onvalidation is DEFAULT: onvalidation = self.settings.login_onvalidation if onaccept is DEFAULT:
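Review bot: The new host check rejects every relative `_next`: for a value such as `/app/default/index` there is no `//`, so `split('//',1)[-1]` returns the whole string, `split('/')[0]` yields `''`, that is not in `cas_domains`, and the redirect silently falls back to `login_next`, which breaks the common same-site use of `_next`. A path-only value cannot leave the site and can be passed through, but only when it starts with a single `/`: `//host` and `/\host` are treated as absolute by browsers and must still go through the domain check, and scheme forms such as `http:/host` (which some browsers normalise to `http://host`) are handled safely by the existing split because they produce host `http:` and are rejected. The comment `# important for security` should name the threat, e.g. `# open-redirect guard: honour a caller-supplied _next only for a same-site path or a trusted CAS domain`; the check also assumes `settings.cas_domains` is a list or set, since with a string `in` would become a substring match, which is worth confirming. The enclosing method (presumably `Auth.login`) starts and ends outside the hunk, and the header advertises 12 new lines while 11 are visible, so one line may be missing from this rendering.
```python
        if next is DEFAULT:
            # open-redirect guard: honour a caller-supplied _next only for a
            # same-site path or a trusted CAS domain, never an arbitrary host
            next = self.settings.login_next
            user_next = self.next
            if user_next:
                if user_next.startswith('/') and user_next[1:2] not in ('/', '\\'):
                    next = user_next  # relative path: cannot leave the site
                else:
                    host = user_next.split('//', 1)[-1].split('/')[0]
                    if host in self.settings.cas_domains:
                        next = user_next
        # … unchanged: onvalidation / onaccept defaults …
```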