slash in a URL query string #3026
-
|
I am using Flask-Login package for authentication. When enabled
here, home is a What I want to achieve is - when I enter a wrong username or password, I want that next parameter to persists. So, what I did is this: @auth_bp.route('/login', methods=['GET', 'POST'])
def login():
if current_user.is_authenticated:
return redirect(url_for('auth.home'))
next_page = request.args.get('next')
if not next_page or not safe_url(next_page):
next_page = url_for('auth.home')
login_form = LoginForm()
if login_form.validate_on_submit():
user = Users.query.filter_by(username=login_form.username.data).first()
if user is None or not user.check_password(login_form.password.data):
flash('Invalid username or password!', category='login')
# here I am passing next parameter on wrong username or password
return redirect(url_for('auth.login', next=next_page))
logged_in = login_user(user, remember=login_form.remember_me.data)
if logged_in:
flash('You are logged in!', category='login')
return redirect(next_page)
flash('Login failed! reactivate your account!', category='login')
return render_template('auth/login.html', form=login_form, next_page=next_page)when I put wrong username or password, this is what I am getting in URL
There's slash in query parameter. while it works for my case but there shouldn't be slash in query parameter (it must be percent-encoded.) incorrect: Upon going through source code, I found that I can simply resolve this by returning my rendered login template and use |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
A slash |
Beta Was this translation helpful? Give feedback.
A slash
/is valid in the query part, the first question?delimits the query from the path, and any further slash/have no special meaning.