On Sat, May 03, 2014 at 09:19:56AM +0200, Miro HronĨok wrote:
Dne 3.5.2014 04:28, Ralph Bean napsal(a):
> As a workaround, I've attached a second patch that tells copr to just ignore
> the 'next' parameter and redirect always back to the copr root url. This
> second workaround patch is applied as a 'hotfix' in ansible and deployed to
the
> copr cloud node.
> - return flask.redirect(oid.get_next_url())
> + return flask.redirect(flask.request.url_root)
Is it not possible to check if oid.get_next_url() starts with '/' and
use it only then?
if oid.get_next_url().starstwith('/'):
return flask.redirect(oid.get_next_url())
else:
return flask.redirect(flask.request.url_root)
If oid.get_next_url() is an absolute URL (as it sounds to me) the check
might be a bit more complex (i.e. allow both http and https and both
copr-fe.cloud.fedoraproject.org and
copr.fedoraproject.org).
I pointed Patrick to your reply (since he is not on the list) and his answer is:
"""
that should work, as that's basically the fix that you do when you enable
safe_roots, but that they should consider upgrading anyway as there's been more
security and bug fixes
"""
Cheers,
Pierre