Change the came_from to use a session variable
Bug #1135630 reported by
Paul Everitt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
KARL3 |
Fix Released
|
Medium
|
Chris Rossi |
Bug Description
Per discussion in email, Tres will take this out of the URL to avoid promoting a phishing attack. Possibly to include a whitelist of patterns that the came_from must match.
Changed in karl3: | |
status: | Confirmed → In Progress |
Changed in karl3: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
We need to have the "business center" app developers tell us whether they are still using the karl.external_ link_ticket authentication machinery, which would be broken by this change.