On 2/7/11 18:03 PM, Roger wrote: > why not use the same pattern like I changed to in z3c.authenticator. > There the camefrom request part was replaced by session handling. > > On the other side, I think your changes are fine since, I guess > someone from gocept, a long time ago, fixed and protected the > redirect method.
Ok, thanks for your feedback! I applied the patch, added a test just to show a redirect to a suspicious URL will by default not work and released zope.pluggableauth 1.3 regards, jw _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )