0001-general-don-t-use-session-for-after_url-persistence-.patch
extra/modules/root.py | ||
---|---|---|
666 | 666 |
ident_methods = get_cfg('identification', {}).get('methods', []) |
667 | 667 | |
668 | 668 |
if get_request().form.get('ReturnUrl'): |
669 |
get_session().after_url = get_request().form.get('ReturnUrl')
|
|
669 |
get_request().form['next'] = get_request().form.pop('ReturnUrl')
|
|
670 | 670 | |
671 | 671 |
if 'IsPassive' in get_request().form and 'idp' in ident_methods: |
672 | 672 |
# if isPassive is given in query parameters, we restrict ourselves |
... | ... | |
678 | 678 |
# possibility of SSO, if we got there as a consequence of an access |
679 | 679 |
# unauthorized url on admin/ or backoffice/, then idp auth method |
680 | 680 |
# is chosen forcefully. |
681 |
after_url = get_session().after_url
|
|
681 |
after_url = get_request().form.get('next')
|
|
682 | 682 |
if after_url: |
683 | 683 |
root_url = get_publisher().get_root_url() |
684 | 684 |
after_path = urlparse.urlparse(after_url)[2] |
685 |
- |