slapos_jio: escape message content

191f2e87 · Romain Courteaud · Rafael Monnerat · d0495ef1 · 191f2e87
Commit 191f2e87 authored Jan 11, 2022 by Romain Courteaud Committed by Rafael Monnerat Nov 29, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

master/bt5/slapos_jio/SkinTemplateItem/portal_skins/slapos_hal_json_style/ERP5Site_activeLogin.py ...ortal_skins/slapos_hal_json_style/ERP5Site_activeLogin.py +6 -4

No files found.
--- a/master/bt5/slapos_jio/SkinTemplateItem/portal_skins/slapos_hal_json_style/ERP5Site_activeLogin.py
+++ b/master/bt5/slapos_jio/SkinTemplateItem/portal_skins/slapos_hal_json_style/ERP5Site_activeLogin.py
@@ -15,11 +15,13 @@ else:
  mail_message.deliver()
  message = translateString("Your account is being activated. You will receive an e-mail when activation is complete.")

-url = "%s/login_form?portal_status_message=%s&%s" % (
+url = "%s/login_form?%s" % (
  context.getWebSectionValue().absolute_url(),
-  message,
-  make_query({"came_from": came_from})
+  make_query({
+    "portal_status_message": message,
+    "came_from": came_from
+  })
 )
-
 context.REQUEST.RESPONSE.setHeader('Location', url)
 context.REQUEST.RESPONSE.setStatus(303)
+return message