|
|
@ -29,7 +29,7 @@
|
|
|
|
|
|
|
|
|
|
|
|
from urllib.parse import urlparse, urljoin
|
|
|
|
from urllib.parse import urlparse, urljoin
|
|
|
|
|
|
|
|
|
|
|
|
from flask import request, url_for, redirect
|
|
|
|
from flask import request, url_for, redirect, current_app
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def is_safe_url(target):
|
|
|
|
def is_safe_url(target):
|
|
|
@ -38,16 +38,15 @@ def is_safe_url(target):
|
|
|
|
return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc
|
|
|
|
return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_redirect_target():
|
|
|
|
def remove_prefix(text, prefix):
|
|
|
|
for target in request.values.get('next'), request.referrer:
|
|
|
|
if text.startswith(prefix):
|
|
|
|
if not target:
|
|
|
|
return text[len(prefix):]
|
|
|
|
continue
|
|
|
|
return ""
|
|
|
|
if is_safe_url(target):
|
|
|
|
|
|
|
|
return target
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def redirect_back(endpoint, **values):
|
|
|
|
def redirect_back(endpoint, **values):
|
|
|
|
target = request.form['next']
|
|
|
|
target = request.form.get('next', None) or url_for(endpoint, **values)
|
|
|
|
if not target or not is_safe_url(target):
|
|
|
|
adapter = current_app.url_map.bind(urlparse(request.host_url).netloc)
|
|
|
|
|
|
|
|
if not len(adapter.allowed_methods(remove_prefix(target, request.environ.get('HTTP_X_SCRIPT_NAME',"")))):
|
|
|
|
target = url_for(endpoint, **values)
|
|
|
|
target = url_for(endpoint, **values)
|
|
|
|
return redirect(target)
|
|
|
|
return redirect(target)
|
|
|
|