From 11ca87a2be684b1067c7135cc3cd483cc1372e0e Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@agendaless.com>
Date: Sun, 31 May 2009 17:01:34 +0000
Subject: Never use the login view URL as the came_from.

---
 docs/tutorials/bfgwiki/src/authorization/tutorial/login.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'docs/tutorials')

diff --git a/docs/tutorials/bfgwiki/src/authorization/tutorial/login.py b/docs/tutorials/bfgwiki/src/authorization/tutorial/login.py
index 5fc94d480..293f3dcd5 100644
--- a/docs/tutorials/bfgwiki/src/authorization/tutorial/login.py
+++ b/docs/tutorials/bfgwiki/src/authorization/tutorial/login.py
@@ -12,7 +12,10 @@ from tutorial.run import USERS
 
 @bfg_view(for_=Wiki, name='login')
 def login(context, request):
+    login_url = model_url(context, request, 'login')
     referrer = request.environ.get('HTTP_REFERER', '/')
+    if referrer == login_url:
+        referrer = '/' # never use the login form itself as came_from
     came_from = request.params.get('came_from', referrer)
     message = ''
     login = ''
-- 
cgit v1.2.3