vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4

fix: sanitise redirect_to for already logged-in instances

Browse source 
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
This commit is contained in:
Chinmay D. Pai 2020-04-16 12:03:00 +05:30
parent bd537301ac
commit 174b9ed09f
No known key found for this signature in database
GPG key ID: 75507BE256F40CED
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
frappe/templates/includes/login/login.js
View file

@ -183,7 +183,7 @@ login.login_handlers = (function() {
login.set_indicator('{{ _("Success") }}', 'green');
window.location.href = frappe.utils.sanitise_redirect(frappe.utils.get_url_arg("redirect-to")) || data.home_page;
} else if(data.message == 'Password Reset'){
window.location.href = data.redirect_to;
window.location.href = frappe.utils.sanitise_redirect(data.redirect_to);
} else if(data.message=="No App") {
login.set_indicator("{{ _("Success") }}", 'green');
if(localStorage) {
@ -194,7 +194,7 @@ login.login_handlers = (function() {
}
if(data.redirect_to) {
window.location.href = data.redirect_to;
window.location.href = frappe.utils.sanitise_redirect(data.redirect_to);
}
if(last_visited && last_visited != "/login") {