Handle redirects properly when logging in, fixes #195

master
kaiyou 7 years ago
parent 52da307fa5
commit 856d6176ca

@ -6,6 +6,7 @@ import flask_login
import smtplib import smtplib
from email.mime import text from email.mime import text
from urllib import parse
@app.route('/', methods=["GET"]) @app.route('/', methods=["GET"])
@ -21,7 +22,11 @@ def login():
user = models.User.login(form.email.data, form.pw.data) user = models.User.login(form.email.data, form.pw.data)
if user: if user:
flask_login.login_user(user) flask_login.login_user(user)
return flask.redirect(flask.url_for('.index')) redirect = flask.request.args.get('next')
parsed_redirect = parse.urlparse(redirect)
if parsed_redirect.scheme or parsed_redirect.netloc:
return flask.abort(400)
return flask.redirect(redirect or flask.url_for('.index'))
else: else:
flask.flash('Wrong e-mail or password', 'error') flask.flash('Wrong e-mail or password', 'error')
return flask.render_template('login.html', form=form) return flask.render_template('login.html', form=form)
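Review bot: The scheme/netloc test on `parsed_redirect` in `login()` does not by itself guarantee a same-site target, because `urlparse` can report an empty scheme and netloc for values that browsers still resolve to another host (for instance ones containing backslashes or stray leading whitespace). Consider allowlisting the shape in addition to the existing test: `if redirect and (not redirect.startswith('/') or redirect[1:2] in ('/', '\\')):` followed by `flask.abort(400)`. When `next` is absent, `redirect` is `None` and is still handed to `parse.urlparse`; guarding the parse with `if redirect:` would make that case explicit. `flask.abort` raises, so the `return` in front of it is not needed. The body of `login()` begins outside this hunk, so how the `next` parameter reaches the login form is not visible here.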
