mirror/netbox-community-netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00
Code Activity

Update django is_safe_url calls to new API (#2546)

Browse Source
This commit is contained in:
Juho Juopperi
2018-11-05 15:52:00 +02:00
committed by Jeremy Stretch
parent 66ef5c726c
commit 319869c22e
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
netbox/users/views.py
View File

@ -36,7 +36,7 @@ class LoginView(View):
# Determine where to direct user after successful login # Determine where to direct user after successful login
redirect_to = request.POST.get('next', '') redirect_to = request.POST.get('next', '')
if not is_safe_url(url=redirect_to, host=request.get_host()): if not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
redirect_to = reverse('home') redirect_to = reverse('home')
# Authenticate user # Authenticate user

6
netbox/utilities/views.py
View File

@ -57,7 +57,7 @@ class GetReturnURLMixin(object):
# First, see if `return_url` was specified as a query parameter. Use it only if it's considered safe. # First, see if `return_url` was specified as a query parameter. Use it only if it's considered safe.
query_param = request.GET.get('return_url') query_param = request.GET.get('return_url')
if query_param and is_safe_url(url=query_param, host=request.get_host()): if query_param and is_safe_url(url=query_param, allowed_hosts=request.get_host()):
return query_param return query_param
# Next, check if the object being modified (if any) has an absolute URL. # Next, check if the object being modified (if any) has an absolute URL.
@ -225,7 +225,7 @@ class ObjectEditView(GetReturnURLMixin, View):
return redirect(request.get_full_path()) return redirect(request.get_full_path())
return_url = form.cleaned_data.get('return_url') return_url = form.cleaned_data.get('return_url')
if return_url is not None and is_safe_url(url=return_url, host=request.get_host()): if return_url is not None and is_safe_url(url=return_url, allowed_hosts=request.get_host()):
return redirect(return_url) return redirect(return_url)
else: else:
return redirect(self.get_return_url(request, obj)) return redirect(self.get_return_url(request, obj))
@ -283,7 +283,7 @@ class ObjectDeleteView(GetReturnURLMixin, View):
messages.success(request, msg) messages.success(request, msg)
return_url = form.cleaned_data.get('return_url') return_url = form.cleaned_data.get('return_url')
if return_url is not None and is_safe_url(url=return_url, host=request.get_host()): if return_url is not None and is_safe_url(url=return_url, allowed_hosts=request.get_host()):
return redirect(return_url) return redirect(return_url)
else: else:
return redirect(self.get_return_url(request, obj)) return redirect(self.get_return_url(request, obj))