diff --git a/product/ERP5Type/patches/CookieCrumbler.py b/product/ERP5Type/patches/CookieCrumbler.py index eaee324fcb9f014f362665639f08f7486ac23788..ab4744e5adc991ebcf6d84146a50c50eeb638fe8 100755 --- a/product/ERP5Type/patches/CookieCrumbler.py +++ b/product/ERP5Type/patches/CookieCrumbler.py @@ -20,7 +20,11 @@ # ############################################################################## -#CookieCrumbler: remove "?came_from" from getLoginUrl (called by request.unauthorized) +""" +Patch CookieCrumbler to prevent came_from to appear in the URL +when ERP5 runs in "require_referer" mode. +""" + from Products.CMFCore.CookieCrumbler import CookieCrumbler class PatchedCookieCrumbler(CookieCrumbler): @@ -41,8 +45,16 @@ def getLoginURL(self): page = getattr(parent, self.auto_login_page, None) if page is not None: retry = getattr(resp, '_auth', 0) and '1' or '' - url = '%s?retry=%s&disable_cookie_login__=1' % ( + came_from = req.get('came_from', None) + if came_from is None: + came_from = req['URL'] + if hasattr(self, 'getPortalObject') and self.getPortalObject()\ + .getProperty('require_referer', 0) : + url = '%s?retry=%s&disable_cookie_login__=1' % ( page.absolute_url(), retry) + else : + url = '%s?came_from=%s&retry=%s&disable_cookie_login__=1' % ( + page.absolute_url(), quote(came_from), retry) return url return None