decode uri component before redirect for safe redirect

2014-06-11 19:04:16 +00:00
parent f6b278e7f8
commit 4df0efa250
1 changed files with 1 additions and 1 deletions
--- a/lms/templates/login.html
+++ b/lms/templates/login.html
@@ -51,7 +51,7 @@
      $('#login-form').on('ajax:success', function(event, json, xhr) {
        if(json.success) {
          var u=decodeURI(window.location.search);
-          next=u.split("next=")[1];
+          next=decodeURIComponent(u.split("next=")[1]);
          if (next && !isExternal(next)) {
            location.href=next;
          }  else if(json.redirect_url){