Unsafe characters in next argument break login
Bug #1539615 reported by
Roberto Alsina
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical SSO provider |
New
|
Undecided
|
Unassigned |
Bug Description
If you access a URL like https:/
Even logged in, instead of redirecting me to a 404 (like the same URL without the + does) it asks for user/password again.
This is not critical because "+" should be urlencoded anyway, but login should not be refused because of a broken next argument.
To post a comment you must log in.