From 375c88d2bcb98e80b38b0ad3b6e7116b80c13064 Mon Sep 17 00:00:00 2001
From: Adrian Holovaty
Date: Sat, 25 Aug 2007 18:34:28 +0000
Subject: [PATCH] Fixed #5227 -- Made the redirect security check in django.contrib.auth.views.login() tighter. Thanks, Sander Dijkhuis

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6004 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 AUTHORS | 1 +
 django/contrib/auth/views.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/AUTHORS b/AUTHORS
index bc5c44b335..311c96c8ea 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -94,6 +94,7 @@ answer newbie questions, and generally made Django that much better:
 Alex Dedul
 deric@monowerks.com
 Max Derkachev
+ Sander Dijkhuis
 Jordan Dimov
 dne@mayonnaise.net
 Maximillian Dornseif
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index 6c40228fab..f1129379d6 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -17,7 +17,7 @@ def login(request, template_name='registration/login.html'):
 errors = manipulator.get_validation_errors(request.POST)
 if not errors:
 # Light security check -- make sure redirect_to isn't garbage.
- if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
+ if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
 from django.conf import settings
 redirect_to = settings.LOGIN_REDIRECT_URL
 from django.contrib.auth import login
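Review bot: The tightened condition on the `+` line in the views.py hunk is still a substring denylist, and the comment directly above it (`# Light security check -- make sure redirect_to isn't garbage.`) no longer says what it actually guards against; I would reword it to `# Reject redirect_to values that could send the user off-site: absolute URLs and scheme-relative '//host' URLs (the old '://' test missed the latter), plus anything containing whitespace.` so the next reader knows why the test is `//` rather than `://`. The same test also rejects harmless local paths that merely contain a doubled slash and silently substitutes settings.LOGIN_REDIRECT_URL for them, which is a reasonable trade-off but worth recording in that comment. A more robust form is to parse rather than grep: `parts = urlparse.urlparse(redirect_to)` and fall back to the default whenever `parts.scheme or parts.netloc` is set, which rejects any host-bearing value regardless of how the separator is spelled; if that route is taken, backslashes should be folded to slashes first (`redirect_to.replace('\\', '/')`), since some browsers normalise them before resolving the Location. login() starts and ends outside this hunk, so where redirect_to is read from the request is not visible here.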