A better fix for open redirect vulnerability.

[jwag956]

In the few cases where user input is used for redirecting (via the 'next' parameter) pull apart the URL and quote the path. This will render any of the bizarre URLs that are relative according to the spec, but interpreted as absolute by many browsers definitely relative (and harmless).

Remove the previous fix including REDIRECT_VALIDATE_MODE and REDIRECT_VALIDATE_RE configuration variables. The Werkzeug default of sending relative URLs in Location header was restored as well.

closes #893

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (5725f70) 98.37% compared to head (53e9d5b) 98.38%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #906      +/-   ##
==========================================
+ Coverage   98.37%   98.38%   +0.01%     
==========================================
  Files          34       34              
  Lines        4487     4465      -22     
==========================================
- Hits         4414     4393      -21     
+ Misses         73       72       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.