Ticket #14405: patch-14405.4.diff
| File patch-14405.4.diff, 1.7 KB (added by , 14 years ago) |
|---|
-
views.py
27 27 28 28 redirect_to = request.REQUEST.get(redirect_field_name, '') 29 29 30 if request.method == "POST": 31 form = authentication_form(data=request.POST) 32 if form.is_valid(): 30 if request.method == "POST" or request.user.is_authenticated(): 31 if request.method == "POST" and not request.user.is_authenticated(): 32 form = authentication_form(data=request.POST) 33 if request.user.is_authenticated() or form.is_valid(): 33 34 # Light security check -- make sure redirect_to isn't garbage. 34 35 if not redirect_to or ' ' in redirect_to: 35 36 redirect_to = settings.LOGIN_REDIRECT_URL … … 39 40 # should be allowed. This regex checks if there is a '//' *before* a 40 41 # question mark. 41 42 elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to): 42 43 43 redirect_to = settings.LOGIN_REDIRECT_URL 44 44 45 # Okay, security checks complete. Log the user in. 45 auth_login(request, form.get_user()) 46 if request.method == "POST" and not request.user.is_authenticated(): 47 auth_login(request, form.get_user()) 48 if request.session.test_cookie_worked(): 49 request.session.delete_test_cookie() 46 50 47 if request.session.test_cookie_worked():48 request.session.delete_test_cookie()49 50 51 return HttpResponseRedirect(redirect_to) 51 52 52 53 else: