wassname/flask-security
1
0
Fork 0
mirror of https://github.com/wassname/flask-security.git synced 2026-06-27 16:10:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #197 from kelvinhammond/patch-1

Browse Source 
Update NextFormMixin.validate_next to check if next was even specified
This commit is contained in:
Matt Wright
2013-12-19 10:46:45 -08:00
parent fe170e6eb3 986a48c5e0
commit be8448a7cf
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flask_security/forms.py
+6 -5
View File
@@ -136,11 +136,12 @@ class NextFormMixin():
next = HiddenField()
def validate_next(self, field):
url_next = urlparse.urlsplit(field.data)
url_base = urlparse.urlsplit(request.host_url)
if url_next.netloc and url_next.netloc != url_base.netloc:
field.data = ''
raise ValidationError(get_message('INVALID_REDIRECT')[0])
if field.data:
url_next = urlparse.urlsplit(field.data)
url_base = urlparse.urlsplit(request.host_url)
if url_next.netloc and url_next.netloc != url_base.netloc:
field.data = ''
raise ValidationError(get_message('INVALID_REDIRECT')[0])
class RegisterFormMixin():