[CONFSERVER-30220] Redirect for login can break

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 5.1.5, 5.2.3, 5.3
Affects Version/s: 5.1.5
Component/s: None
Labels:
- affects-server

Bug Fix Policy:
View Atlassian Server bug fix policy

After applying the patch for ~~CONF-30221~~, login redirects can contain a ${originalurl} parameter, instead of the original URL that requires a login.

If you have configured all of the below:

allowed anonymous access in global permissions
allowed anonymous view in space permissions
restricted some content in that space so that anonymous cannot view it.

Then any time a non-logged-in user tries to view the restricted content they will be redirected to a login page normally, but once they are logged in they will be redirected to the site homepage, not their original destination.

Workaround

Once the user has logged in, they should manually navigate back to the page they intended to view.

is caused by

CONFSERVER-30221 OGNL double evaluation in atlassian-xwork

Closed

No work has yet been logged on this issue.

Assignee:: Richard Atkins

Reporter:: Richard Atkins

Affected customers:: 0 This affects my team

Watchers:: 6 Start watching this issue

Created:: 03/Aug/2013 6:39 AM

Updated:: 11/Oct/2018 8:43 AM

Resolved:: 03/Aug/2013 6:47 AM

Confluence Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates