Bug #34951 login page not default redirect
Submitted: 29 Feb 2008 3:40 Modified: 3 Mar 2008 15:53
Reporter: Diego Medina Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Websites: MySQLForge Severity:S2 (Serious)
Version:forge1.mysql.com OS:Any
Assigned to: CPU Architecture:Any
Tags: login
Triage: D3 (Medium)

[29 Feb 2008 3:40] Diego Medina 
Description:
if you go directly to this page
http://forge1.mysql.com/people/login.php
(the login page), enter your information, click login.
you get a blank page.

How to repeat:
1- go here
http://forge1.mysql.com/people/login.php
2- login 
3- There you are, blank page. (I hope ;-) )

Suggested fix:
If you are using the referral page for the redirect, have a default redirect in case this value is empty (I wonder if some browsers do not send the referral url as "security feature")
[29 Feb 2008 5:37] Valeriy Kravchuk 
Thank you for a bug report. Verified just as described.
[3 Mar 2008 15:53] Jay Pipes 
This was fixed in the patch regarding bug#34956

Added default value for non-referring or attack-vector cleaned URLs

Patch in r369-70