Comment 3 for bug 1039077

Gabriel Hurley (gabriel-hurley) wrote : Re: open redirect / phishing attack via "next" parameter

Confirmed that this bug exists in Essex, and the patch there looks good to me.

Folsom is not affected. This kind of security hole is one of the (many) reasons I rewrote the entire auth mechanism to be a pluggable backend for Django's contrib.auth module in the Folsom timeframe.