author | ivan <ivan> | 2010-05-18 18:49:59 +0000 |
---|---|---|
committer | ivan <ivan> | 2010-05-18 18:49:59 +0000 |
commit | e70abd21bab68b23488f7ef1ee2e693a3b365691 (patch) | |
tree | 75986ffa9ba6ab4f961f9033468a1344e1653408 /rt/share/html/Elements/Login | |
parent | b4b0c7e72d7eaee2fbfc7022022c9698323203dd (diff) |
import rt 3.8.8
Diffstat (limited to 'rt/share/html/Elements/Login')
-rwxr-xr-x | rt/share/html/Elements/Login | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/rt/share/html/Elements/Login b/rt/share/html/Elements/Login
index 8dfbe51d1..e768b0e7a 100755
--- a/rt/share/html/Elements/Login
+++ b/rt/share/html/Elements/Login
@@ -64,6 +64,21 @@ my $form_action = defined $goto ? $goto : defined $req_uri ? $req_uri : RT->Config->Get('WebPath') ;
+
+# sanitize $form_action
+my $uri = URI->new($form_action);
+
+# You get undef scheme with a relative uri like "/Search/Build.html"
+unless (!defined($uri->scheme) || $uri->scheme eq 'http' || $uri->scheme eq 'https') {
+ $form_action = RT->Config->Get('WebPath');
+}
+
+# Make sure we're logging in to the same domain
+# You can get an undef authority with a relative uri like "index.html"
+my $uri_base_url = URI->new(RT->Config->Get('WebBaseURL'));
+unless (!defined($uri->authority) || $uri->authority eq $uri_base_url->authority) {
+ $form_action = RT->Config->Get('WebPath');
+}
 </%INIT>
 % $m->callback( %ARGS, CallbackName => 'Header' ); |
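Review bot: The same-domain test in the second `unless` treats an undefined `$uri->authority` as a relative link whatever the scheme is, so a value that carries an `http`/`https` scheme but no authority passes both checks and reaches the form action unchanged. How a browser resolves such a value is outside this code's control, so it is safer to accept an undefined authority only when the scheme is undefined too. The `eq` on the authority is exact, so a WebBaseURL that differs only in host case or an explicit default port falls back to WebPath; that fails closed but deserves a comment. Combining both decisions into one guard also avoids testing the stale `$uri` after `$form_action` has already been reset. The enclosing `<%INIT>` block starts above the hunk.

```perl
# sanitize $form_action: only same-site targets survive
my $uri          = URI->new($form_action);
my $uri_base_url = URI->new(RT->Config->Get('WebBaseURL'));
my $scheme       = $uri->scheme;
my $authority    = $uri->authority;

my $scheme_ok = !defined($scheme) || $scheme eq 'http' || $scheme eq 'https';
# No authority counts as "relative" only when there is no scheme either.
my $host_ok   = defined($authority) ? $authority eq $uri_base_url->authority
                                    : !defined($scheme);
$form_action = RT->Config->Get('WebPath') unless $scheme_ok && $host_ok;
```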