Commit a8da1b0b authored by Rafael Monnerat's avatar Rafael Monnerat

erp5_web_renderjs_ui: Ensure that came_from is html quoted before redirect

Without this (on the slapos master UI), the redirect places the value unquoted, causing the parser to fail later on when resolving {n.me}
parent 27b8fb15
REQUEST = context.REQUEST REQUEST = context.REQUEST
RESPONSE = REQUEST.RESPONSE RESPONSE = REQUEST.RESPONSE
from ZTUtils import make_query
portal = context.getPortalObject() portal = context.getPortalObject()
...@@ -27,7 +28,7 @@ if (portal.portal_membership.isAnonymousUser()): ...@@ -27,7 +28,7 @@ if (portal.portal_membership.isAnonymousUser()):
message = context.Base_translateString('Login and/or password is incorrect.') message = context.Base_translateString('Login and/or password is incorrect.')
url = '%s/login_form?portal_status_message=%s' % (context.absolute_url(), message) url = '%s/login_form?portal_status_message=%s' % (context.absolute_url(), message)
url = came_from and '%s&came_from=%s' % (url, came_from) or url url = came_from and '%s&%s' % (url, make_query({"came_from": came_from})) or url
RESPONSE.redirect(url) RESPONSE.redirect(url)
else: else:
# XXX How to warn user that password will expire? # XXX How to warn user that password will expire?
......
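Review bot: `message` is still interpolated unquoted into `portal_status_message` on the line just above the changed one, so a translation containing `&`, `#`, `=` or non-ASCII characters can break the query string the same way the raw `came_from` did. Both parameters could go through the helper, for example `url = '%s/login_form?%s' % (context.absolute_url(), make_query({"portal_status_message": message}))`, with the `came_from` line left as it is. Separately, `make_query` only URL-encodes `came_from`; nothing in the visible lines checks that it points back to this site, so it is worth confirming that whatever consumes it after login rejects off-site targets. The script continues outside the hunk, so other redirects that build `came_from` by hand may need the same treatment.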