mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-28 08:03:36 +00:00
895d8cffbc
Fixes: #2170. Starting with Django 2.2.25, re_path behavior has changed. When the regular expression ends with a '$', a full match is performed with the regular expression. This breaks the behavior of how we are currently matching the locked URLs for CAPTCHA based login forms. Tests: - All tests are done on Debian stable with Django 2.2.25 and on Debian unstable with Django 3.2.10. - Go to home page, click on login link. Enter wrong password three times. CAPTCHA page is show with URL ending with /locked. Type the correct password and login will be successful. - Install tt-rss. Logout. Go to /tt-rss/, redirection will happen to login page. Enter wrong password three times. CAPTCHA page is show with URL ending with /locked. Type the correct password and login will be successful. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>