Apply security hotfix 20160830 for redirects.

Maurits van Rees
2016-09-19 17:06:17 +02:00
parent fe138c6b93
commit 358ec89c03
3 changed files with 57 additions and 3 deletions
+6 -2
@@ -105,7 +105,9 @@ class DeleteComment(BrowserView):
type='info')
came_from = self.context.REQUEST.HTTP_REFERER
# if the referrer already has a came_from in it, don't redirect back
if len(came_from) == 0 or 'came_from=' in came_from:
if (len(came_from) == 0 or 'came_from=' in came_from or
not getToolByName(
content_object, 'portal_url').isURLInPortal(came_from)):
came_from = content_object.absolute_url()
return self.context.REQUEST.RESPONSE.redirect(came_from)
@@ -186,7 +188,9 @@ class PublishComment(BrowserView):
type='info')
came_from = self.context.REQUEST.HTTP_REFERER
# if the referrer already has a came_from in it, don't redirect back
if len(came_from) == 0 or 'came_from=' in came_from:
if (len(came_from) == 0 or 'came_from=' in came_from or
not getToolByName(
content_object, 'portal_url').isURLInPortal(came_from)):
came_from = content_object.absolute_url()
return self.context.REQUEST.RESPONSE.redirect(came_from)
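Review bot: The comment above both rewritten conditions (`# if the referrer already has a came_from in it, don't redirect back`) now describes only one of the three clauses, and the clause it leaves out is the security-relevant one. I would reword it to `# only redirect back to a referrer inside this portal (no open redirect); otherwise use the content URL`. The same guard is pasted into DeleteComment and PublishComment, so moving it into one small helper that takes `content_object` and the referrer would keep the two views from drifting apart when the check changes. Separately, `len(came_from)` assumes the Referer value is always a string; if the request can yield None when the header is stripped, the call fails before the fallback is reached, so `not came_from` would be a safer first clause, which is worth confirming against the request object. Both methods start outside the hunks shown.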