# HG changeset patch
# User Mads Kiilerich
# Date 2015-09-20 20:22:50
# Node ID ad131f70399652eba7769585254ecd6579a1a55c
# Parent b98f4431671cba15cb9fb725f46a4bce39607396
login: make it clear that an invalid came_from is an invalid request
diff --git a/kallithea/controllers/login.py b/kallithea/controllers/login.py
--- a/kallithea/controllers/login.py
+++ b/kallithea/controllers/login.py
@@ -76,7 +76,10 @@ class LoginController(BaseController):
 def index(self):
 c.came_from = safe_str(request.GET.pop('came_from', ''))
- if self._validate_came_from(c.came_from):
+ if c.came_from:
+ if not self._validate_came_from(c.came_from):
+ log.error('Invalid came_from (not server-relative): %r', c.came_from)
+ raise HTTPBadRequest()
 came_from = url(c.came_from, **request.GET)
 else:
 c.came_from = came_from = url('home')
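Review bot: The new `log.error(...)` in the invalid-`came_from` branch of `index` can be triggered by any unauthenticated request, so a scanner or a crafted link can write error-level entries at will; `log.warning('Invalid came_from (not server-relative): %r', c.came_from)` would keep the record without treating bad client input as a server fault. Keeping `%r` is right, since repr escapes newlines and control characters in the client-supplied value, though its length is unbounded here. `HTTPBadRequest` is not imported anywhere in this patch, so confirm login.py already imports it, otherwise this branch raises NameError instead of returning 400. The strength of the check rests on `_validate_came_from`, which is outside the hunk; a test that scheme-relative forms such as `//host/path` are rejected would pin down what the log message promises. The body of `index` continues past the end of the hunk.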