dialog confirmation ScoDoc: evite request.base_url qui peut être en http.

This commit is contained in:
Emmanuel Viennet 2021-08-30 16:34:24 +02:00
parent 30b5d4bfa3
commit d79da28aba

View File

@ -46,8 +46,7 @@ import time
import traceback
import types
import unicodedata
import six.moves.urllib.parse, six.moves.urllib.error
import six.moves.urllib.error, six.moves.urllib.parse
import urllib
from xml.etree import ElementTree
from flask import g, current_app
@ -817,11 +816,14 @@ def confirm_dialog(
# Attention: la page a pu etre servie en GET avec des parametres
# si on laisse l'url "action" vide, les parametres restent alors que l'on passe en POST...
if not dest_url:
dest_url = request.base_url
action = ""
else:
# strip remaining parameters from destination url:
dest_url = six.moves.urllib.parse.splitquery(dest_url)[0]
dest_url = urllib.parse.splitquery(dest_url)[0]
action = f'action="{dest_url}"'
H = [
"""<form action="%s" method="post">""" % dest_url,
f"""<form {action} method="post">""",
message,
"""<input type="submit" value="%s"/>""" % OK,
]