db = False
redirect = False
+ dbs = db_list(req, True)
+
# 1 try the db in the url
db_url = req.params.get('db')
- if db_url:
+ if db_url and db_url in dbs:
return (db_url, False)
- dbs = db_list(req, True)
-
# 2 use the database from the cookie if it's listable and still listed
cookie_db = req.httprequest.cookies.get('last_used_database')
if cookie_db in dbs:
@openerpweb.httprequest
def login(self, req, db, login, key):
+ if db not in db_list(req, True):
+ return werkzeug.utils.redirect('/', 303)
return login_and_redirect(req, db, login, key)
class WebClient(openerpweb.Controller):