Used a different name for the URL redirection param

bmispelon · bmispelon · commit 75fe1305ac18 · 2024-06-29T13:06:16.000+02:00
Trac itself uses `referer`, so this change makes it easier
to integrate with some other Trac functionalities.
diff --git a/DjangoPlugin/tracdjangoplugin/plugins.py b/DjangoPlugin/tracdjangoplugin/plugins.py
@@ -123,7 +123,7 @@ def process_request(self, req):
     def do_get(self, req):
         return "plainlogin.html", {
             "form": AuthenticationForm(),
-            "next": req.args.get("next", ""),
+            "referer": req.args.get("referer", ""),
         }
 
     def do_post(self, req):
@@ -132,11 +132,11 @@ def do_post(self, req):
             req.environ["REMOTE_USER"] = form.get_user().username
             LoginModule(self.compmgr)._do_login(req)
             req.redirect(self._get_safe_redirect_url(req))
-        return "plainlogin.html", {"form": form, "next": req.args.get("next", "")}
+        return "plainlogin.html", {"form": form, "referer": req.args.get("referer", "")}
 
     def _get_safe_redirect_url(self, req):
         host = urlparse(req.base_url).hostname
-        redirect_url = iri_to_uri(req.args.get("next", ""))
+        redirect_url = iri_to_uri(req.args.get("referer", ""))
 
         if not redirect_url:
             redirect_url = settings.LOGIN_REDIRECT_URL
diff --git a/DjangoPlugin/tracdjangoplugin/tests.py b/DjangoPlugin/tracdjangoplugin/tests.py
@@ -73,7 +73,7 @@ def test_login_valid_with_custom_redirection(self):
             username="test",
             password="test",
             check_redirect="/test",
-            extra_data={"next": "/test"},
+            extra_data={"referer": "/test"},
         )
 
     def test_login_valid_with_custom_redirection_with_hostname(self):
@@ -83,7 +83,7 @@ def test_login_valid_with_custom_redirection_with_hostname(self):
             username="test",
             password="test",
             check_redirect="http://localhost/test",
-            extra_data={"next": "http://localhost/test"},
+            extra_data={"referer": "http://localhost/test"},
         )
 
     def test_login_valid_with_malicious_redirection(self):
@@ -108,7 +108,7 @@ def test_login_valid_with_malicious_redirection(self):
                     username="test",
                     password="test",
                     check_redirect="http://localhost/test",
-                    extra_data={"next": redirect_url},
+                    extra_data={"referer": redirect_url},
                 )
 
     def assertLoginFails(self, username, password, error_message=None):
diff --git a/trac-env/templates/django_theme.html b/trac-env/templates/django_theme.html
@@ -28,7 +28,7 @@
           </form>
         </li>
       # else
-        <li><a href="/login?next=${req.path_info|urlencode()}">Login</a></li>
+        <li><a href="/login?referer=${req.path_info|urlencode()}">Login</a></li>
       # endif
       <li><a href="${req.href.prefs()}">Preferences</a></li>
     </ul>
diff --git a/trac-env/templates/plainlogin.html b/trac-env/templates/plainlogin.html
@@ -25,7 +25,7 @@ <h2>Log in with your DjangoProject account</h2>
     <p>
       <button type="submit">Log in with DjangoProject</button>
       <input type="hidden" name="__FORM_TOKEN" value="${req.form_token}">{# Trac's CSRF protection #}
-      <input type="hidden" name="next" value="${next|default('/')}">
+      <input type="hidden" name="referer" value="${referer|default('/')}">
     </p>
   </form>
 </section>
