Re: [web2py] Re: authentication variables in url when login is incorrect

2020-05-26 Thread Marvi Benedet
Thanks! It seems ok!! Hope it will be corrected soon in the official version, as it should be considered a serious security bug. On Mon, 25 May 2020 at 06:29, egamarro dpu <egamarro@gmail.com> wrote: > > I'm pretty sure Fred found the right line to fix this. Buildin

[web2py] Re: authentication variables in url when login is incorrect

2020-05-24 Thread egamarro dpu
I'm pretty sure Fred found the right line to fix this. Building on Fred's suggestion, I fixed it this way: < redirect(self.url(args=request.args, vars=request.vars),client_side=settings.client_side) > redirect(self.url(),client_side=settings.client_side) On Tuesday, April 28, 2020 at
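
Review bot: the replacement line `redirect(self.url(),client_side=settings.client_side)` drops `args=request.args` and every query variable, not only the posted credentials, so a failed login also loses whatever arguments and GET parameters were in the original URL. Fred's message in this thread says the line previously passed `vars=request.get_vars`; restoring that and keeping `args=request.args` would keep the password out of the redirect URL, because the POSTed form fields are not part of `request.get_vars`, while preserving the GET parameters. After the change, confirm with a failed login that the redirect URL recorded in the web server access log no longer contains the form fields.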

[web2py] Re: authentication variables in url when login is incorrect

2020-04-28 Thread Marvix
I'm experiencing the same problem. I also tried the last version (2.19.1) and it seems it still presents the same inconvenience. I think this can be considered a serious security problem, as a clear mistyped password will be written to web server logs, proxy logs and so on. There is also a secondar

[web2py] Re: authentication variables in url when login is incorrect

2019-05-21 Thread Fred Nikolayevich
Ok, I think I found it: in gluon/tools.py, in the Auth.login() method, line 2643 has been changed from redirect(self.url(args=request.args, vars=request.*get_vars* ),client_side=settings.client_side) to redirect(self.url(args=request.args, vars=request.*vars* ),client_side=settings.client_sid