Ignore:
Timestamp:
30/08/07 09:39:27 (12 years ago)
Author:
pjkersha
Message:

base64 encode return URI 'r' argument in query strings. This is a fix for
#845 and may address #862

ows_server/ows_server/config/ndgMiddleware.py: added global for getCredentials
path

ows_server/ows_server/controllers/login.py: include code to decode return URL
in doRedirect

ows_server/ows_server/controllers/logout.py: ...likewise for logout

ows_server/ows_server/lib/security_util.py: use cls for class methods

ows_server/ows_server/templates/ndgPage.kid: base64 encode return URL for
login and logout callbacks.

ows_server/ows_server/templates/login.kid: use new global $g.getCredentials
to specify full URL path

ows_server/ows_server/templates/wayf.kid: altered help message for return URL
check. Hovering over URL won't help the user now because 'r' arg is base64
encoded.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • TI05-delivery/ows_framework/trunk/ows_server/ows_server/templates/ndgPage.kid

    r2853 r2858  
    179179    </span> 
    180180     
    181     <!-- Login and out buttons --> 
    182      
     181    <!-- Login and out buttons -->     
    183182    <span py:def="logOut()" class="logOut"> 
     183            <?python 
     184            # Encode the return URL to avoid problems parsing URLs with multiple 
     185            # ?'s - for example one in the URL and one in the value for 'r' 
     186            from base64 import urlsafe_b64encode 
     187            b64encRequestURL = urlsafe_b64encode(c.requestURL) 
     188            ?> 
    184189        <form action="$g.logout"> 
    185             <input type="hidden" name="r" value="$c.requestURL"/> 
     190            <input type="hidden" name="r" value="${b64encRequestURL}"/> 
    186191            <input type="submit" value="Logout"/> 
    187192        </form> 
     
    189194     
    190195    <span py:def="logIn()" class="logIn"> 
     196            <?python 
     197            # Encode the return URL to avoid problems parsing URLs with multiple 
     198            # ?'s - for example one in the URL and one in the value for 'r' 
     199            from base64 import urlsafe_b64encode 
     200            b64encRequestURL = urlsafe_b64encode(c.requestURL) 
     201            ?> 
    191202        <form action="$g.wayfuri"> 
    192             <input type="hidden" name="r" value="$c.requestURL"/> 
     203            <input type="hidden" name="r" value="${b64encRequestURL}"/> 
    193204            <input type="submit" value="Login"/> 
    194205        </form> 
Note: See TracChangeset for help on using the changeset viewer.