Unsafe characters in next argument break login

Bug #1539615 reported by Roberto Alsina
This bug affects 1 person
Affects: Canonical SSO provider
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

If you access a URL like https://login.ubuntu.com/openid/login/?next=/bar+foo/ with a + in the next argument, SSO will not log you in.

Even logged in, instead of redirecting me to a 404 (like the same URL without the + does) it asks for user/password again.

This is not critical because "+" should be urlencoded anyway, but login should not be refused because of a broken next argument.
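
An added example, not part of the original report and not the SSO provider's code: one way a login view can treat a malformed or unsafe `next` value as "use the default target" instead of as a reason to refuse the login. The function name `resolve_next` and the fallback path `/` are assumptions made for illustration. It also shows why the `+` matters: in a query string it decodes to a space.

```python
from urllib.parse import parse_qs, quote, urlsplit

DEFAULT_NEXT = "/"  # assumed fallback target; not taken from the report


def resolve_next(login_url, default=DEFAULT_NEXT):
    """Return a safe same-site redirect path for use after login.

    A bad `next` value never raises and never blocks authentication;
    it only causes the default target to be used.
    """
    query = parse_qs(urlsplit(login_url).query, keep_blank_values=True)
    # parse_qs applies form decoding, so "+" has already become " " here.
    raw = query.get("next", [default])[0]

    # Only accept local absolute paths. "//host" and backslash variants are
    # interpreted by browsers as off-site targets (open redirect).
    if not raw.startswith("/") or raw.startswith("//") or "\\" in raw:
        return default
    # Control characters (CR/LF and friends) must never reach a Location header.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw):
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:
        return default
    if parts.scheme or parts.netloc:
        return default

    # Re-encode so characters such as the decoded space are valid in a URL.
    target = quote(parts.path, safe="/")
    if parts.query:
        target += "?" + quote(parts.query, safe="=&")
    return target


if __name__ == "__main__":
    # Constructed sample inputs; the first is the URL from the report.
    samples = [
        "https://login.ubuntu.com/openid/login/?next=/bar+foo/",
        "https://login.ubuntu.com/openid/login/?next=/bar/",
        "https://login.ubuntu.com/openid/login/?next=//evil.example/",
        "https://login.ubuntu.com/openid/login/?next=/a%0d%0ab",
    ]
    for url in samples:
        print(url, "->", resolve_next(url))
```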
