Commit cc819c70 authored by Romain Courteaud's avatar Romain Courteaud

slapos_jio: escape message content

parent aeb6d2ed
...@@ -15,11 +15,13 @@ else: ...@@ -15,11 +15,13 @@ else:
mail_message.deliver() mail_message.deliver()
message = translateString("Your account is being activated. You will receive an e-mail when activation is complete.") message = translateString("Your account is being activated. You will receive an e-mail when activation is complete.")
url = "%s/login_form?portal_status_message=%s&%s" % ( url = "%s/login_form?%s" % (
context.getWebSectionValue().absolute_url(), context.getWebSectionValue().absolute_url(),
message, make_query({
make_query({"came_from": came_from}) "portal_status_message": message,
"came_from": came_from
})
) )
context.REQUEST.RESPONSE.setHeader('Location', url) context.REQUEST.RESPONSE.setHeader('Location', url)
context.REQUEST.RESPONSE.setStatus(303) context.REQUEST.RESPONSE.setStatus(303)
return message
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment