Просмотр исходного кода

Fix #3228 - UrlEncode full path for next if not on logon page

Include the full path for the ?next= variable in login links if we are not on the logon page.
Additionally include next for post requests that have the next variable set (will only come from the login page itself generally)
dansheps 6 лет назад
Родитель
Сommit
814c50f461
2 измененных файлов с 7 добавлено и 1 удалено
  1. 6 1
      netbox/templates/inc/nav_menu.html
  2. 1 0
      netbox/templates/login.html

+ 6 - 1
netbox/templates/inc/nav_menu.html

@@ -413,7 +413,12 @@
                         </ul>
                         </ul>
                     </li>
                     </li>
                 {% else %}
                 {% else %}
-                    <li><a href="{% url 'login' %}?next={{ request.path }}"><i class="fa fa-sign-in"></i> Log in</a></li>
+                    {% url 'login' as login_url %}
+                    {% if request.path == login_url %}
+                        <li><a href="{{ request.get_full_path }}"><i class="fa fa-sign-in"></i> Log in</a></li>
+                    {% else %}
+                        <li><a href="{{ login_url }}?next={{ request.get_full_path | urlencode }}"><i class="fa fa-sign-in"></i> Log in</a></li>
+                    {% endif %}
                 {% endif %}
                 {% endif %}
             </ul>
             </ul>
             <form action="{% url 'search' %}" method="get" class="navbar-form navbar-right" id="navbar_search" role="search">
             <form action="{% url 'search' %}" method="get" class="navbar-form navbar-right" id="navbar_search" role="search">

+ 1 - 0
netbox/templates/login.html

@@ -25,6 +25,7 @@
                 <div class="panel-body">
                 <div class="panel-body">
                     {% csrf_token %}
                     {% csrf_token %}
                     {% if 'next' in request.GET %}<input type="hidden" name="next" value="{{ request.GET.next }}" />{% endif %}
                     {% if 'next' in request.GET %}<input type="hidden" name="next" value="{{ request.GET.next }}" />{% endif %}
+                    {% if 'next' in request.POST %}<input type="hidden" name="next" value="{{ request.POST.next }}" />{% endif %}
                     {% render_form form %}
                     {% render_form form %}
                 </div>
                 </div>
                 <div class="panel-footer text-right">
                 <div class="panel-footer text-right">