spam filter captcha redirect incorrect when not installed at root
|Reported by:||Owned by:||Dirk Stöcker|
Upon successful captcha match, the captcha_redirect value is matched directly against request handlers to match the appropriate redirect. For projects where Trac is not installed at the root level (i.e. https://mydomain.com/trac/myproject), the handlers do not match because the PATH_INFO includes the base url (i.e. /trac/myproject/newticket).
Stripping SCRIPT_NAME if it is present and not '/' should prevent this from happening. We are using the following patch:
Index: tracspamfilter/captcha/api.py =================================================================== --- tracspamfilter/captcha/api.py (revision 9965) +++ tracspamfilter/captcha/api.py (working copy) @@ -93,6 +93,8 @@ if(req.path_info == '/captcha' and req.method == 'POST' and req.args['captcha_response'] == req.session['captcha_expected']): req.environ['PATH_INFO'] = req.session.get('captcha_redirect', req.href()) + if ('SCRIPT_NAME' in req.environ and len(req.environ['SCRIPT_NAME']) > 1): + req.environ['PATH_INFO'] = req.environ['PATH_INFO'].replace(req.environ['SCRIPT_NAME'], '') del req.session['captcha_redirect'] del req.session['captcha_reject_reason'] req.session['captcha_verified'] = int(time.time())