From e7404cb055dc9f9db01795f184539e567eaf50e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aleksi=20H=C3=A4kli?=
Date: Fri, 3 Jul 2020 18:21:53 +0300
Subject: [PATCH] Use urlencode for generating usernames in redirect
---
 axes/helpers.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/axes/helpers.py b/axes/helpers.py
index d4bbc87..2ed9246 100644
--- a/axes/helpers.py
+++ b/axes/helpers.py
@@ -3,16 +3,16 @@ from hashlib import md5
 from logging import getLogger
 from string import Template
 from typing import Callable, Optional, Type, Union
+from urllib.parse import urlencode
 from django.core.cache import caches, BaseCache
 from django.http import (
 HttpRequest,
 HttpResponse,
- HttpResponseRedirect,
 JsonResponse,
 QueryDict,
 )
-from django.shortcuts import render
+from django.shortcuts import render, redirect
 from django.utils.module_loading import import_string
 import ipware.ip
@@ -341,7 +341,10 @@ def get_lockout_response(request, credentials: dict = None) -> HttpResponse:
 return render(request, settings.AXES_LOCKOUT_TEMPLATE, context, status=status)
 if settings.AXES_LOCKOUT_URL:
- return HttpResponseRedirect(f"{settings.AXES_LOCKOUT_URL}?username={context['username']}")
+ lockout_url = settings.AXES_LOCKOUT_URL
+ query_string = urlencode({"username": context["username"]})
+ url = "{}?{}".format(lockout_url, query_string)
+ return redirect(url)
 return HttpResponse(get_lockout_message(), status=status)
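Review bot: In the second hunk, `url = "{}?{}".format(lockout_url, query_string)` always joins with `?`, so an `AXES_LOCKOUT_URL` that already carries a query string yields a redirect target with two `?` and a `username` parameter the receiving view may not parse. Choose the separator from the setting instead: `sep = "&" if "?" in lockout_url else "?"` followed by `url = "{}{}{}".format(lockout_url, sep, query_string)`. Separately, `redirect()` runs its argument through Django's URL resolution, which first tries the string as a URL pattern name and raises `NoReverseMatch` when it contains neither `/` nor `.`, so a setting made of a single bare path segment would now fail where `HttpResponseRedirect` did not; worth confirming that is intended. Because the username comes from the failed login attempt, a regression test using a value that contains `&`, `=` and `#` would pin the encoding this code now relies on. `get_lockout_response` starts and continues outside the hunk, and the first hunk only adjusts imports.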