authorivan <ivan>2010-05-18 18:49:59 +0000
committerivan <ivan>2010-05-18 18:49:59 +0000
commit624b2d44625f69d71175c3348cae635d580c890b (patch)
treeed57a90db2ecbc72cea6c1d3c175c1dcd1938ab4 /rt/share/html/Elements/Login
parent7f4aff45cd6ef2f630d538294fa9d9c4db4ac4aa (diff)
parente70abd21bab68b23488f7ef1ee2e693a3b365691 (diff)
This commit was generated by cvs2svn to compensate for changes in r9232,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'rt/share/html/Elements/Login')
-rwxr-xr-xrt/share/html/Elements/Login15
1 files changed, 15 insertions, 0 deletions
diff --git a/rt/share/html/Elements/Login b/rt/share/html/Elements/Login
index 8dfbe51d1..e768b0e7a 100755
--- a/rt/share/html/Elements/Login
+++ b/rt/share/html/Elements/Login
@@ -64,6 +64,21 @@ my $form_action = defined $goto ? $goto
: defined $req_uri ? $req_uri
: RT->Config->Get('WebPath')
;
+
+# sanitize $form_action
+my $uri = URI->new($form_action);
+
+# You get undef scheme with a relative uri like "/Search/Build.html"
+unless (!defined($uri->scheme) || $uri->scheme eq 'http' || $uri->scheme eq 'https') {
+ $form_action = RT->Config->Get('WebPath');
+}
+
+# Make sure we're logging in to the same domain
+# You can get an undef authority with a relative uri like "index.html"
+my $uri_base_url = URI->new(RT->Config->Get('WebBaseURL'));
+unless (!defined($uri->authority) || $uri->authority eq $uri_base_url->authority) {
+ $form_action = RT->Config->Get('WebPath');
+}
</%INIT>
% $m->callback( %ARGS, CallbackName => 'Header' );
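Review bot: The scheme and authority checks in the added lines run on the parsed `$uri` object, but `$form_action` keeps the raw request-derived string, so any character that URI escapes or normalises while parsing is validated in one form and emitted in another. Once both checks pass I would write the parsed form back with `$form_action = $uri->as_string;`, so the login form posts to exactly what was checked. A value that has a scheme but no authority also passes both tests as written; consider falling back to `RT->Config->Get('WebPath')` when `defined($uri->scheme) && !defined($uri->authority)`. The comment above the second check should say that the authority comparison is exact string equality (userinfo and port included) and that a mismatch deliberately falls back to WebPath. The `<%INIT>` block starts above the hunk, so whether `URI` is loaded and how `$form_action` is escaped on output cannot be confirmed from here.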