Commit 6041ffc7 authored by Rafael Monnerat

erp5_web_renderjs_ui: Ensure that came_from is html quoted before redirect

   Without this, the redirection places the value unquoted, causing the parser to fail
   later on when resolving {n.me}.

   came_from cannot be None so we simplify the block a bit.
parent 3ab8e40d
Pipeline #33123 failed with stage in 0 seconds
REQUEST = context.REQUEST REQUEST = context.REQUEST
RESPONSE = REQUEST.RESPONSE RESPONSE = REQUEST.RESPONSE
from ZTUtils import make_query
portal = context.getPortalObject() portal = context.getPortalObject()
...@@ -26,8 +27,11 @@ if (portal.portal_membership.isAnonymousUser()): ...@@ -26,8 +27,11 @@ if (portal.portal_membership.isAnonymousUser()):
else: else:
message = context.Base_translateString('Login and/or password is incorrect.') message = context.Base_translateString('Login and/or password is incorrect.')
url = '%s/login_form?portal_status_message=%s' % (context.absolute_url(), message) query_dict = {
url = came_from and '%s&came_from=%s' % (url, came_from) or url 'portal_status_message': message,
'came_from' : came_from
}
url = '%s/login_form?%s' % (context.absolute_url(), make_query(query_dict))
RESPONSE.redirect(url) RESPONSE.redirect(url)
else: else:
# XXX How to warn user that password will expire? # XXX How to warn user that password will expire?
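Review bot: In the `else:` branch, `'came_from' : came_from` is now always placed in `query_dict`, whereas the removed line `url = came_from and '%s&came_from=%s' % (url, came_from) or url` dropped the parameter whenever `came_from` was falsy. The commit message covers None, but an empty string would now produce a bare `came_from=` in the login_form URL; either add the key only when `came_from` is non-empty, or leave a short comment stating where the non-empty guarantee comes from. Routing both values through `make_query` is the right fix for the quoting problem, since it also encodes the translated `message`, which the old format string interpolated raw. Minor style: drop the space before the colon in `'came_from' : came_from` and end that line with a trailing comma.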
......