Commit 349ba1a7 authored by Rafael Monnerat's avatar Rafael Monnerat Committed by Kazuhiko Shiozaki

erp5_web_renderjs_ui: Ensure that came_from is html quoted before redirect

   Without this, the redirect places the value unquoted, causing the parser to fail
   later on when resolving {n.me}.

   came_from cannot be None so we simplify the block a bit.
parent f1ef9719
REQUEST = context.REQUEST
RESPONSE = REQUEST.RESPONSE
from ZTUtils import make_query
portal = context.getPortalObject()
......@@ -26,8 +27,11 @@ if (portal.portal_membership.isAnonymousUser()):
else:
message = context.Base_translateString('Login and/or password is incorrect.')
url = '%s/login_form?portal_status_message=%s' % (context.absolute_url(), message)
url = came_from and '%s&came_from=%s' % (url, came_from) or url
query_dict = {
'portal_status_message': message,
'came_from' : came_from
}
url = '%s/login_form?%s' % (context.absolute_url(), make_query(query_dict))
RESPONSE.redirect(url)
else:
# XXX How to warn user that password will expire?
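Review bot: The unconditional `'came_from' : came_from` entry in `query_dict` relies on the commit message's claim that came_from is never None, and nothing in this hunk enforces it; the assignment of came_from lies outside the visible lines. If it can be None or empty, the removed `came_from and ... or url` guard no longer drops the parameter, and make_query would presumably emit `came_from=None` or an empty value into the login_form URL. Either keep the guard as `if came_from: query_dict['came_from'] = came_from`, or add a comment above `query_dict` such as `# came_from is always set by the caller path above; make_query URL-encodes it so '&' or '#' in the value cannot alter other parameters`. Note also that make_query performs URL query encoding, not HTML quoting as the commit title says, so whatever renders or follows came_from after login_form still has to escape it on output and confirm it points back to this site; neither check is visible here.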
......