dialog confirmation ScoDoc: evite request.base_url qui peut être en http.

Emmanuel Viennet 2021-08-30 16:34:24 +02:00
parent 30b5d4bfa3
commit d79da28aba


@ -46,8 +46,7 @@ import time
import traceback import traceback
import types import types
import unicodedata import unicodedata
import six.moves.urllib.parse, six.moves.urllib.error import urllib
import six.moves.urllib.error, six.moves.urllib.parse
from xml.etree import ElementTree from xml.etree import ElementTree
from flask import g, current_app from flask import g, current_app
@ -817,11 +816,14 @@ def confirm_dialog(
# Attention: la page a pu etre servie en GET avec des parametres # Attention: la page a pu etre servie en GET avec des parametres
# si on laisse l'url "action" vide, les parametres restent alors que l'on passe en POST... # si on laisse l'url "action" vide, les parametres restent alors que l'on passe en POST...
if not dest_url: if not dest_url:
dest_url = request.base_url action = ""
else:
# strip remaining parameters from destination url: # strip remaining parameters from destination url:
dest_url = six.moves.urllib.parse.splitquery(dest_url)[0] dest_url = urllib.parse.splitquery(dest_url)[0]
action = f'action="{dest_url}"'
H = [ H = [
"""<form action="%s" method="post">""" % dest_url, f"""<form {action} method="post">""",
message, message,
"""<input type="submit" value="%s"/>""" % OK, """<input type="submit" value="%s"/>""" % OK,
] ]
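Review bot: In `action = f'action="{dest_url}"'` the URL goes into a double-quoted HTML attribute without escaping, so a `"` in dest_url would end the attribute early; where dest_url comes from is not visible here, so escape it at this point with `action = f'action="{html.escape(dest_url, quote=True)}"'` (this needs `import html` if the module does not already have it). The empty-dest_url branch now omits `action` entirely, which makes the browser post back to the current URL with its query string, the case the comment just above warns about; a scheme-less path such as `dest_url = request.script_root + request.path` would avoid both the http scheme and the leftover parameters, if that matches the deployment. In the import hunk, `urllib.parse.splitquery` is reached through a bare `import urllib`, which works only when some other module has already imported `urllib.parse`, and splitquery has been deprecated since Python 3.8; `import urllib.parse` together with `urllib.parse.urlsplit` is the sturdier form. confirm_dialog begins and ends outside the hunk.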