Show More
| @@ -25,7 +25,11 b' class LoginHandler(IPythonHandler):' | |||||
| 25 |
|
25 | |||
| 26 | def get(self): |
|
26 | def get(self): | |
| 27 | if self.current_user: |
|
27 | if self.current_user: | |
| 28 |
|
|
28 | next_url = self.get_argument('next', default=self.base_url) | |
|
|
29 | if not next_url.startswith(self.base_url): | |||
|
|
30 | # require that next_url be absolute path within our path | |||
|
|
31 | next_url = self.base_url | |||
|
|
32 | self.redirect(next_url) | |||
| 29 | else: |
|
33 | else: | |
| 30 | self._render() |
|
34 | self._render() | |
| 31 |
|
35 | |||
| @@ -48,7 +52,11 b' class LoginHandler(IPythonHandler):' | |||||
| 48 | self._render(message={'error': 'Invalid password'}) |
|
52 | self._render(message={'error': 'Invalid password'}) | |
| 49 | return |
|
53 | return | |
| 50 |
|
54 | |||
| 51 |
|
|
55 | next_url = self.get_argument('next', default=self.base_url) | |
|
|
56 | if not next_url.startswith(self.base_url): | |||
|
|
57 | # require that next_url be absolute path within our path | |||
|
|
58 | next_url = self.base_url | |||
|
|
59 | self.redirect(next_url) | |||
| 52 |
|
60 | |||
| 53 | @classmethod |
|
61 | @classmethod | |
| 54 | def get_user(cls, handler): |
|
62 | def get_user(cls, handler): | |
General Comments 0
You need to be logged in to leave comments.
Login now