From 319869c22e7d35da128a9d9b3308b0ee73c7c999 Mon Sep 17 00:00:00 2001
From: Juho Juopperi <jkj@kapsi.fi>
Date: Mon, 5 Nov 2018 15:52:00 +0200
Subject: [PATCH] Update django is_safe_url calls to new API (#2546)

---
 netbox/users/views.py     | 2 +-
 netbox/utilities/views.py | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/netbox/users/views.py b/netbox/users/views.py
index 0c1a3e01f..2452975a6 100644
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@@ -36,7 +36,7 @@ class LoginView(View):
 
             # Determine where to direct user after successful login
             redirect_to = request.POST.get('next', '')
-            if not is_safe_url(url=redirect_to, host=request.get_host()):
+            if not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
                 redirect_to = reverse('home')
 
             # Authenticate user
diff --git a/netbox/utilities/views.py b/netbox/utilities/views.py
index 052f02e13..75bd40d02 100644
--- a/netbox/utilities/views.py
+++ b/netbox/utilities/views.py
@@ -57,7 +57,7 @@ class GetReturnURLMixin(object):
 
         # First, see if `return_url` was specified as a query parameter. Use it only if it's considered safe.
         query_param = request.GET.get('return_url')
-        if query_param and is_safe_url(url=query_param, host=request.get_host()):
+        if query_param and is_safe_url(url=query_param, allowed_hosts=request.get_host()):
             return query_param
 
         # Next, check if the object being modified (if any) has an absolute URL.
@@ -225,7 +225,7 @@ class ObjectEditView(GetReturnURLMixin, View):
                 return redirect(request.get_full_path())
 
             return_url = form.cleaned_data.get('return_url')
-            if return_url is not None and is_safe_url(url=return_url, host=request.get_host()):
+            if return_url is not None and is_safe_url(url=return_url, allowed_hosts=request.get_host()):
                 return redirect(return_url)
             else:
                 return redirect(self.get_return_url(request, obj))
@@ -283,7 +283,7 @@ class ObjectDeleteView(GetReturnURLMixin, View):
             messages.success(request, msg)
 
             return_url = form.cleaned_data.get('return_url')
-            if return_url is not None and is_safe_url(url=return_url, host=request.get_host()):
+            if return_url is not None and is_safe_url(url=return_url, allowed_hosts=request.get_host()):
                 return redirect(return_url)
             else:
                 return redirect(self.get_return_url(request, obj))