[OH-Dev] [issue952] Open redirect in logout URL

brittag bugs at openhatch.org
Tue Mar 25 00:05:51 UTC 2014


New submission from brittag <brittag at gmail.com>:

We got a report via email (thanks @M7K911) that
http://openhatch.org/account/logout/?next=http:///www.google.com
works as an open redirect, and it probably shouldn't. This seems especially interesting because
http://openhatch.org/account/logout/?next=http://www.google.com
(with two slashes instead of three) just shows Django's "logged out" page.

----------
messages: 4180
nosy: brittag, paulproteus
priority: bug
status: unread
title: Open redirect in logout URL

__________________________________________
Roundup issue tracker <bugs at openhatch.org>
<https://openhatch.org/bugs/issue952>
__________________________________________
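
The difference between the two URLs in the report, shown as an added example that is not part of the original message or of OpenHatch's code: Python's urlparse reads http:///www.google.com as a URL with an empty host, while browsers normalize it to http://www.google.com/. naive_is_safe is a hypothetical host-only check (an assumption; the report does not show the code involved), and strict_is_safe is one way to reject the three-slash form.

```python
from urllib.parse import urlparse

ALLOWED_HOST = "openhatch.org"  # host taken from the URLs in the report


def naive_is_safe(next_url, allowed_host=ALLOWED_HOST):
    """Hypothetical weak check: trust a target whose parsed host is empty or ours."""
    netloc = urlparse(next_url).netloc
    return not netloc or netloc == allowed_host


def strict_is_safe(next_url, allowed_host=ALLOWED_HOST):
    """Accept only same-host http(s) URLs or local paths with a single leading slash."""
    if not next_url or next_url != next_url.strip():
        return False
    # Browsers treat backslashes like slashes and drop control characters.
    if "\\" in next_url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_url):
        return False
    # "//host" and "///host" are resolved by browsers as an external host.
    if next_url.startswith("//"):
        return False
    try:
        parts = urlparse(next_url)
    except ValueError:
        return False
    if parts.scheme:
        # A scheme with an empty host ("http:///host") is repaired by
        # browsers to "http://host/", so an empty netloc is not "local".
        return parts.scheme in ("http", "https") and parts.netloc == allowed_host
    # No scheme: must be an absolute path on this site.
    return not parts.netloc and next_url.startswith("/")


# Constructed sample inputs; the first two are the "next" values from the report.
SAMPLES = [
    "http:///www.google.com",
    "http://www.google.com",
    "///www.google.com",
    "/account/settings/",
    "http://openhatch.org/people/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url!r:35} parsed_host={urlparse(url).netloc!r:18} "
              f"naive={naive_is_safe(url)} strict={strict_is_safe(url)}")
```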

