  1. Reference Application
  2. RA-487

Don't redirect users to relative paths of URLs outside the context path

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Must
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: OpenMRS 2.2
    • Component/s: None
    • Labels:
      None
    • Complexity:
      Low

      Description

      The login logic stores the request header for the referer and attempts to redirect the user back to its relative path upon successful login. Apparently it will fail if the relative path doesn't exist in the web application, or might send the user to the wrong page in case it happens to exist by any chance.

      This can be reproduced on demo.openmrs.org by first going to openmrs.org and clicking one of the links on it that take you to the demo server.

      Dev Notes:

      See LoginPageController in openmrs-module-referenceapplication
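
One way to make the check this issue asks for, as an added example (it is not the code in LoginPageController and not the fix that was shipped): the Referer is used as a post-login target only when it names the same host and a path under the application's context path. The class and method names, the host names, the `/openmrs` context path and the page paths are hypothetical values constructed for the illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class SafeLoginRedirect {
    // Returns a path inside contextPath to redirect to after login, or
    // defaultPage when the Referer cannot be trusted to name a page in this app.
    static String resolveRedirect(String referer, String requestHost,
                                  String contextPath, String defaultPage) {
        if (referer == null || referer.trim().isEmpty()) {
            return defaultPage;
        }
        URI uri;
        try {
            uri = new URI(referer.trim()).normalize(); // collapses "/a/../b"
        } catch (URISyntaxException e) {
            return defaultPage;
        }
        // A Referer from another site (the case in this issue) says nothing
        // about which paths exist here, so its relative path is discarded.
        String host = uri.getHost();
        if (host == null || !host.equalsIgnoreCase(requestHost)) {
            return defaultPage;
        }
        String path = uri.getRawPath();
        // Same host is not enough: the path must sit under this app's context path.
        if (path == null || !path.startsWith(contextPath + "/")) {
            return defaultPage;
        }
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query;
    }

    public static void main(String[] args) {
        String ctx = "/openmrs";                 // constructed sample values
        String home = ctx + "/index.htm";
        String host = "demo.example.org";
        String[] referers = {
            "http://www.example.org/demo/",                       // other site
            "http://demo.example.org/otherapp/page",              // other context
            "http://demo.example.org/openmrs/../otherapp/page",   // escapes context
            "http://demo.example.org/openmrs/patient.page?id=7",  // inside the app
            null                                                  // header absent
        };
        for (String r : referers) {
            System.out.println(r + " -> " + resolveRedirect(r, host, ctx, home));
        }
    }
}
```

Only the fourth sample is returned as-is (`/openmrs/patient.page?id=7`); every other Referer falls back to the default page instead of producing a broken or unintended redirect.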

              People

              Assignee:
              wyclif Wyclif Luyima
              Reporter:
              janflowers Jan Flowers