Branch: refs/heads/master
Home: https://github.com/openSUSE/open-build-service
Commit: d27f674b3e5da6898928a203c9a691527044b40b
https://github.com/openSUSE/open-build-service/commit/d27f674b3e5da6898928a2...
Author: Björn Geuken
Date: 2015-09-01 (Tue, 01 Sep 2015)
Changed paths:
M src/api/app/controllers/webui/user_controller.rb
M src/api/app/controllers/webui/webui_controller.rb
M src/api/app/views/layouts/webui/_personal_navigation.html.erb
M src/api/app/views/webui/user/login.html.erb
M src/api/test/functional/webui/patchinfo_create_test.rb
M src/api/test/functional/webui/signup_test.rb
M src/api/test/functional/webui/user_controller_test.rb
M src/api/test/test_helper.rb
Log Message:
-----------
[webui] Update OBS redirect after login
After login OBS users get redirected to the page they initially visited. So far
this was done via hidden fields in the views and parameters that were processed
in the controller.
An attacker could use those parameters to redirect to an untrusted site.
This commit stores the last visited page in the session store to avoid that kind
of attack.
Commit: d2aacc4470116d55974f4be28a1a41c8a874a4d9
https://github.com/openSUSE/open-build-service/commit/d2aacc4470116d55974f4b...
Author: Henne Vogelsang
Date: 2015-09-02 (Wed, 02 Sep 2015)
Changed paths:
M src/api/app/controllers/webui/user_controller.rb
M src/api/app/controllers/webui/webui_controller.rb
M src/api/app/views/layouts/webui/_personal_navigation.html.erb
M src/api/app/views/webui/user/login.html.erb
M src/api/test/functional/webui/patchinfo_create_test.rb
M src/api/test/functional/webui/signup_test.rb
M src/api/test/functional/webui/user_controller_test.rb
M src/api/test/test_helper.rb
Log Message:
-----------
Merge pull request #1078 from bgeuken/hakiri_redirect_issue
[webui] Update OBS redirect after login
Compare: https://github.com/openSUSE/open-build-service/compare/e2ed2c45c575...d2aacc...
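
The change described in the first log message, as an added Ruby sketch that is not code from the open-build-service repository: it contrasts a post-login redirect taken from a request parameter with one taken from the server-side session. The class `LoginFlow`, its method names, the `return_to` key and the sample URLs are assumptions made for illustration.

```ruby
require 'uri'

# Hypothetical stand-in for a web controller (not OBS code).
# @session models the server-side session store; params is client input.
class LoginFlow
  attr_reader :session

  def initialize
    @session = {}
  end

  # Runs on each page view before login: remember where the user was.
  # Only the path and query of the application's own request are kept,
  # so scheme and host can never come from the client.
  def remember_location(request_url)
    uri = URI.parse(request_url)
    @session[:return_to] = [uri.path, uri.query].compact.join('?')
  end

  # "Before": the target arrives in a hidden field / parameter, so whoever
  # crafts the login link or form controls where the user lands.
  def redirect_after_login_from_params(params)
    params['return_to'] || '/'
  end

  # "After": the target is read from the session only; params are ignored.
  # The value is consumed once and re-checked to be a local path.
  def redirect_after_login_from_session(_params)
    target = @session.delete(:return_to)
    local_path?(target) ? target : '/'
  end

  private

  # Accept "/path" only; reject "//host" and backslash variants that
  # browsers may treat as scheme-relative URLs.
  def local_path?(target)
    target.is_a?(String) && target.start_with?('/') &&
      !target.start_with?('//') && !target.include?('\\')
  end
end
```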