[open-ils-commits] ***SPAM*** [GIT] Evergreen ILS branch rel_2_7 updated. 8943e1c8f2201a477af1f8089b95d781056fd2d6

Evergreen Git git at git.evergreen-ils.org
Fri Oct 3 02:20:52 EDT 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, rel_2_7 has been updated
       via  8943e1c8f2201a477af1f8089b95d781056fd2d6 (commit)
      from  832a3dc2bdde68b18b84b19bc80585242a69015f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8943e1c8f2201a477af1f8089b95d781056fd2d6
Author: Jeff Davis <jdavis at sitka.bclibraries.ca>
Date:   Fri May 16 15:14:43 2014 -0700

    LP#1314827: On login, don't allow referer-based redirect to external site
    
    On /eg/opac/login, if no redirect_to param is provided, the TPAC will
    attempt to use the referer (if any) as the redirect destination. This
    leads to undesirable behavior if the referring URL is from an external
    site.
    
    Signed-off-by: Jeff Davis <jdavis at sitka.bclibraries.ca>
    Signed-off-by: Ben Shum <bshum at biblio.org>

diff --git a/Open-ILS/src/templates/opac/parts/login/form.tt2 b/Open-ILS/src/templates/opac/parts/login/form.tt2
index 2861fa0..9b13f58 100644
--- a/Open-ILS/src/templates/opac/parts/login/form.tt2
+++ b/Open-ILS/src/templates/opac/parts/login/form.tt2
@@ -37,9 +37,13 @@
         </div>
         <div style="clear: both; padding-top: 15px;">
         [%
+            redirect = CGI.param('redirect_to');
+            # Don't use referer unless we got here from elsewhere within the TPAC
+            IF !redirect AND ctx.referer.match('^https?://' _ ctx.hostname _ ctx.opac_root);
+                redirect = ctx.referer;
+            END;
             # If no redirect is offered or it's leading us back to the
             # login form, redirect the user to My Account
-            redirect = CGI.param('redirect_to') || ctx.referer;
             IF !redirect OR redirect.match(ctx.path_info _ '$');
                 redirect = CGI.url('-full' => 1) _ '/opac/myopac/main';
             END;
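Review bot: the added IF line builds its match pattern by concatenating ctx.hostname and ctx.opac_root into the regex unescaped, so the dots in the hostname match any character and the check is looser than a same-host test. Nothing bounds the end of ctx.opac_root either, so any path that merely starts with that string also passes. Consider escaping both values before building the pattern, or comparing the referer's parsed scheme and host for equality, and requiring a "/" or end of string after the OPAC root. Separately, in the lines visible here `redirect = CGI.param('redirect_to');` is still assigned without an equivalent check; if that parameter is not validated elsewhere, the same-site test should apply to it too, and the comment above the IF should say whether that is intentional.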

-----------------------------------------------------------------------

Summary of changes:
 Open-ILS/src/templates/opac/parts/login/form.tt2 |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

