erp5_web: WebSite_login: do not redirect to a came_from that is not child of...

erp5_web: WebSite_login: do not redirect to a came_from that is not child of the topmost url document in the given instance.

bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web/WebSite_login.xml

@@ -43,7 +43,9 @@
              tal:define="dummy here/setupCurrentSkin;" />\n
   <tal:block tal:define="response request/RESPONSE;\n
              came_from python: request.get(\'came_from\') or request.get(\'field_came_from\');\n
-             isAnon here/portal_membership/isAnonymousUser|nothing;">\n
+             isAnon here/portal_membership/isAnonymousUser | nothing;\n
+             url_topmost_document python: here.Base_getURLTopmostDocumentValue();\n
+             came_from_valid python: url_topmost_document.isURLAncestorOf(came_from);">\n
     <tal:block tal:condition="isAnon">\n
       <tal:block tal:define="dummy python: response.expireCookie(\'__ac\', path=\'/\');\n
                  url python: \'%s/login_form?portal_status_message=%s\' % (here.absolute_url(), here.Base_translateString(\'Login and/or password is incorrect.\'));\n
@@ -51,11 +53,15 @@
                  dummy python: response.redirect(url);" />\n
     </tal:block>\n
     <tal:block tal:condition="not: isAnon">\n
-      <tal:block tal:define="dummy python: response.redirect(came_from or here.getPermanentURL(here));" />\n
+      <tal:block tal:condition="came_from_valid">\n
+        <tal:block tal:define="dummy python: response.redirect(came_from or here.getPermanentURL(here));" />\n
+      </tal:block>\n
+      <tal:block tal:condition="not: came_from_valid">\n
+        <tal:block tal:define="dummy python: response.redirect(\'%s?portal_status_message=%s\' % (url_topmost_document.absolute_url(), here.Base_translateString(\'Redirection to an external site prevented.\')));" />\n
+      </tal:block>\n
     </tal:block>\n
   </tal:block>\n
-</tal:block>\n
-
+</tal:block>
 
 ]]></unicode> </value>
         </item>