vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix(not_permitted_page): escape path

Browse source 
Reported-by: Sadik Shaikh <pc_masters70@yahoo.com>
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
This commit is contained in:
Akhil Narang 2025-01-13 11:39:29 +05:30
parent fc1c3f895a
commit b8fe835d1a
No known key found for this signature in database
GPG key ID: 9DCC61E211BF645F
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
frappe/website/page_renderers/not_permitted_page.py
View file

@ -1,3 +1,5 @@
from urllib.parse import quote_plus
import frappe
from frappe import _
from frappe.utils import cstr
@ -14,7 +16,7 @@ class NotPermittedPage(TemplatePage):
return True
def render(self):
action = f"/login?redirect-to={frappe.request.path}"
action = f"/login?redirect-to={quote_plus(frappe.request.path)}"
if frappe.request.path.startswith("/app/") or frappe.request.path == "/app":
action = "/login"
frappe.local.message_title = _("Not Permitted")