Commit cab0b71d authored by Georgios Dagkakis

erp5_web: WebSite_login: make sure that there is a came_from

defined before using it as argument for isURLAncestorOf.

@vpelletier, this caused a bug, since empty came_from would crash isURLAncestorOf when urlparse is called for this url (https://lab.nexedi.com/nexedi/erp5/blob/master/product/ERP5Type/Core/Folder.py#L517). I think this is a way to solve, I do not know if isURLAncestorOf should be changed also to return something in such situation. 

/reviewed-on nexedi/erp5!89
parent f11f3869
......@@ -7,7 +7,7 @@
came_from python: request.get('came_from') or request.get('field_came_from');
isAnon here/portal_membership/isAnonymousUser | nothing;
url_topmost_document python: here.Base_getURLTopmostDocumentValue();
came_from_valid python: url_topmost_document.isURLAncestorOf(came_from);">
came_from_valid python: not came_from or url_topmost_document.isURLAncestorOf(came_from);">
<tal:block tal:condition="isAnon">
<tal:block tal:define="dummy python: response.expireCookie('__ac', path='/');
url python: '%s/login_form?portal_status_message=%s' % (here.absolute_url(), here.Base_translateString('Login and/or password is incorrect.'));
......
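Review bot: on the changed `came_from_valid` line, `not came_from or ...` makes the check evaluate true whenever `came_from` is missing or empty, so the validation now fails open for that case. The code that consumes `came_from_valid` is outside this hunk; please confirm it falls back to a fixed default location rather than using the empty `came_from` as a redirect target. As the commit message itself asks, it would be more robust to also handle an empty URL inside `isURLAncestorOf` (returning false) so other callers cannot hit the same crash, and to add a test for login with no `came_from` in the request.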