From 0f5f21d266cab4619d573314f74cb16c92da4cb2 Mon Sep 17 00:00:00 2001
From: Damien De Paoli <ddp@depaoli.id.au>
Date: Fri, 24 Sep 2021 12:49:34 +1000
Subject: [PATCH] use url_for not hardcoded routes

---
 main.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/main.py b/main.py
index 5d2ce2d..635f209 100644
--- a/main.py
+++ b/main.py
@@ -121,7 +121,7 @@ def login():
     # ldap-injecting our username, so send them back to the login page instead
     if request.method == 'POST' and re.search( r'[()\\*&!]', request.form['username']):
        print( f"WARNING: Detected special LDAP chars in username: {request.form['username']}")
-       return redirect('/login')
+       return redirect(url_for('login'))
     if form.validate_on_submit():
         # Successfully logged in, We can now access the saved user object via form.user.
         login_user(form.user, remember=True)  # Tell flask-login to log them in.
@@ -129,7 +129,7 @@ def login():
         if next:
             return redirect(next)  # Send them back where they came from
         else:
-            return redirect('/')
+            return redirect( url_for('main_page') )
 
     return render_template("login.html", form=form)