Projet

Général

Profil

« Précédent | Suivant » 

Révision 15327599

Ajouté par Frédéric Péters il y a environ 8 ans

general: don't use session for after_url persistence (#5637)

Voir les différences:

extra/modules/root.py
666 666
        ident_methods = get_cfg('identification', {}).get('methods', [])
667 667

  
668 668
        if get_request().form.get('ReturnUrl'):
669
            get_session().after_url = get_request().form.get('ReturnUrl')
669
            get_request().form['next'] = get_request().form.pop('ReturnUrl')
670 670

  
671 671
        if 'IsPassive' in get_request().form and 'idp' in ident_methods:
672 672
            # if isPassive is given in query parameters, we restrict ourselves
......
678 678
            # possibility of SSO, if we got there as a consequence of an access
679 679
            # unauthorized url on admin/ or backoffice/, then idp auth method
680 680
            # is chosen forcefully.
681
            after_url = get_session().after_url
681
            after_url = get_request().form.get('next')
682 682
            if after_url:
683 683
                root_url = get_publisher().get_root_url()
684 684
                after_path = urlparse.urlparse(after_url)[2]

Formats disponibles : Unified diff