Commit f93ecb11 authored by Rafael Monnerat's avatar Rafael Monnerat

erp5_web_renderjs_ui: Ensure that came_from is html quoted before redirect

Without this (on slapos master ui) the redirection places value unquoted causing parser to fail later on when resolve {n.me}
parent dc72f443
...@@ -29,7 +29,7 @@ if (portal.portal_membership.isAnonymousUser()): ...@@ -29,7 +29,7 @@ if (portal.portal_membership.isAnonymousUser()):
message = context.Base_translateString('Login and/or password is incorrect.') message = context.Base_translateString('Login and/or password is incorrect.')
url = '%s/login_form?portal_status_message=%s' % (context.absolute_url(), message) url = '%s/login_form?portal_status_message=%s' % (context.absolute_url(), message)
url = came_from and '%s&came_from=%s' % (url, came_from) or url url = came_from and '%s&%s' % (url, make_query({"came_from": came_from})) or url
RESPONSE.redirect(url) RESPONSE.redirect(url)
else: else:
# XXX How to warn user that password will expire? # XXX How to warn user that password will expire?
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment