# HG changeset patch
# User Chris Cannam
# Date 1410269278 -3600
# Node ID 2354ddf5a483b4a23c407f86a9026763b45854ea
# Parent a1bdbf8a87d56d393ef0c9a38325d174136fd310
Fix some merge/runtime problems
diff -r a1bdbf8a87d5 -r 2354ddf5a483 app/controllers/account_controller.rb
--- a/app/controllers/account_controller.rb Tue Sep 09 10:02:18 2014 +0100
+++ b/app/controllers/account_controller.rb Tue Sep 09 14:27:58 2014 +0100
@@ -39,7 +39,7 @@
 else
 authenticate_user
 end
- rescue AuthSourceException => e
+ rescue AuthSource::AuthSourceException => e
 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
 render_error :message => e.message
 end
diff -r a1bdbf8a87d5 -r 2354ddf5a483 app/controllers/application_controller.rb
--- a/app/controllers/application_controller.rb Tue Sep 09 10:02:18 2014 +0100
+++ b/app/controllers/application_controller.rb Tue Sep 09 14:27:58 2014 +0100
@@ -377,6 +377,10 @@
 def redirect_back_or_default(default, options={})
 back_url = params[:back_url].to_s
 if back_url.present? && valid_back_url?(back_url)
+ begin
+ uri = URI.parse(back_url)
+ # do not redirect user to another host or to the login or register page
+ if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
 # soundsoftware: if back_url is the home page,
 # change it to My Page (#125)
 if (uri.path == home_path)
@@ -392,8 +396,13 @@
 uri.scheme = "https"
 end
 back_url = uri.to_s
- redirect_to(back_url)
- return
+ redirect_to(back_url)
+ return
+ end
+ rescue URI::InvalidURIError
+ logger.warn("Could not redirect to invalid URL #{back_url}")
+ # redirect to default
+ end
 elsif options[:referer]
 redirect_to_referer_or default
 return
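Review bot: The host test added on the `if (uri.relative? || (uri.host == request.host))` line accepts any URI that has no scheme, and `URI.parse` reports a network-path reference of the form `//host/path` as relative even though it carries a host, so this check on its own does not keep the redirect on `request.host`. The outer condition already calls `valid_back_url?`, whose body is not visible here. If it enforces the host and login/register rules, this inline copy is redundant and the two can drift apart. If it does not, the inline test should examine the host itself: `if (uri.host.nil? || uri.host == request.host) && !uri.path.match(%r{/(login|account/register)})`. The enclosing method starts in this hunk and continues past it.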
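Review bot: The `logger.warn` in the new `rescue URI::InvalidURIError` branch interpolates the raw `back_url` request parameter into the log, so a value containing line breaks or control characters can forge or garble log entries. Writing `logger.warn("Could not redirect to invalid URL #{back_url.inspect}")` keeps it on one escaped line. A `back_url` that parses but fails the host or login/register test falls through the inner `if` with no log entry, although that rejection is the one most useful to see when looking for redirect abuse; an `else` branch with a similar warning would record it. The `begin` that this `rescue` closes opens in the previous hunk, and the method continues past this one.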