ddp/photoassistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use url_for not hardcoded routes

Browse Source
This commit is contained in:
Damien De Paoli
2021-09-24 12:49:34 +10:00
parent 6f451485d0
commit 0f5f21d266
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
main.py
View File

@@ -121,7 +121,7 @@ def login():
# ldap-injecting our username, so send them back to the login page instead # ldap-injecting our username, so send them back to the login page instead
if request.method == 'POST' and re.search( r'[()\\*&!]', request.form['username']): if request.method == 'POST' and re.search( r'[()\\*&!]', request.form['username']):
print( f"WARNING: Detected special LDAP chars in username: {request.form['username']}") print( f"WARNING: Detected special LDAP chars in username: {request.form['username']}")
return redirect('/login') return redirect(url_for('login'))
if form.validate_on_submit(): if form.validate_on_submit():
# Successfully logged in, We can now access the saved user object via form.user. # Successfully logged in, We can now access the saved user object via form.user.
login_user(form.user, remember=True) # Tell flask-login to log them in. login_user(form.user, remember=True) # Tell flask-login to log them in.
@@ -129,7 +129,7 @@ def login():
if next: if next:
return redirect(next) # Send them back where they came from return redirect(next) # Send them back where they came from
else: else:
return redirect('/') return redirect( url_for('main_page') )
return render_template("login.html", form=form) return render_template("login.html", form=form)