use url_for not hardcoded routes

2021-09-24 12:49:34 +10:00
parent 6f451485d0
commit 0f5f21d266
1 changed files with 2 additions and 2 deletions
--- a/main.py
+++ b/main.py
@@ -121,7 +121,7 @@ def login():
    # ldap-injecting our username, so send them back to the login page instead
    if request.method == 'POST' and re.search( r'[()\\*&!]', request.form['username']):
       print( f"WARNING: Detected special LDAP chars in username: {request.form['username']}")
-       return redirect('/login')
+       return redirect(url_for('login'))
    if form.validate_on_submit():
        # Successfully logged in, We can now access the saved user object via form.user.
        login_user(form.user, remember=True)  # Tell flask-login to log them in.
@@ -129,7 +129,7 @@ def login():
        if next:
            return redirect(next)  # Send them back where they came from
        else:
-            return redirect('/')
+            return redirect( url_for('main_page') )

    return render_template("login.html", form=form)