Merge branch 'main' into feature

2026-01-15 00:02:17 -06:00 · 2025-04-22 16:36:17 -04:00
parent cbcd91bf6b d2e74e9d50
commit 6c7a0cf2b2
79 changed files with 12134 additions and 12015 deletions
--- a/netbox/account/views.py
+++ b/netbox/account/views.py
@@ -28,6 +28,7 @@ from netbox.config import get_config
 from netbox.views import generic
 from users import forms, tables
 from users.models import UserConfig
+from utilities.string import remove_linebreaks
 from utilities.views import register_model_view


@@ -125,12 +126,18 @@ class LoginView(View):

            # Set the user's preferred language (if any)
            if language := request.user.config.get('locale.language'):
-                response.set_cookie(settings.LANGUAGE_COOKIE_NAME, language, max_age=request.session.get_expiry_age())
+                response.set_cookie(
+                    key=settings.LANGUAGE_COOKIE_NAME,
+                    value=language,
+                    max_age=request.session.get_expiry_age(),
+                    secure=settings.SESSION_COOKIE_SECURE,
+                )

            return response

        else:
-            logger.debug(f"Login form validation failed for username: {form['username'].value()}")
+            username = form['username'].value()
+            logger.debug(f"Login form validation failed for username: {remove_linebreaks(username)}")

        return render(request, self.template_name, {
            'form': form,
@@ -142,10 +149,10 @@ class LoginView(View):
        redirect_url = data.get('next', settings.LOGIN_REDIRECT_URL)

        if redirect_url and url_has_allowed_host_and_scheme(redirect_url, allowed_hosts=None):
-            logger.debug(f"Redirecting user to {redirect_url}")
+            logger.debug(f"Redirecting user to {remove_linebreaks(redirect_url)}")
        else:
            if redirect_url:
-                logger.warning(f"Ignoring unsafe 'next' URL passed to login form: {redirect_url}")
+                logger.warning(f"Ignoring unsafe 'next' URL passed to login form: {remove_linebreaks(redirect_url)}")
            redirect_url = reverse('home')

        return HttpResponseRedirect(redirect_url)
@@ -220,7 +227,12 @@ class UserConfigView(LoginRequiredMixin, View):

            # Set/clear language cookie
            if language := form.cleaned_data['locale.language']:
-                response.set_cookie(settings.LANGUAGE_COOKIE_NAME, language, max_age=request.session.get_expiry_age())
+                response.set_cookie(
+                    key=settings.LANGUAGE_COOKIE_NAME,
+                    value=language,
+                    max_age=request.session.get_expiry_age(),
+                    secure=settings.SESSION_COOKIE_SECURE,
+                )
            else:
                response.delete_cookie(settings.LANGUAGE_COOKIE_NAME)