Only return get_vars after a failing login

Since the redirect is a GET action, there is no reason to return post vars from the failing attempt.
2019-07-24 09:43:03 +02:00
parent a23a068d40
commit 251314ceb8
1 changed files with 1 additions and 3 deletions
@@ -2638,9 +2638,7 @@ class Auth(AuthAPI):
                        # invalid login
                        session.flash = specific_error if self.settings.login_specify_error else self.messages.invalid_login
                        callback(onfail, None)
-                        if 'password' in request.post_vars:
-                            del request.post_vars['password']
-                        redirect(self.url(args=request.args, vars=request.vars),client_side=settings.client_side)
+                        redirect(self.url(args=request.args, vars=request.get_vars),client_side=settings.client_side)

            else:  # use a central authentication server
                cas = settings.login_form