mirror/netbox-community-netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00
Code

Fixes : Fix escaping of return URL values for action buttons in tables

Browse Source
This commit is contained in:
jeremystretch
2023-03-07 09:34:25 -05:00
parent ee5b707e68
commit d48a8770de
2 changed files with 4 additions and 2 deletions
docs/release-notes
version-3.4.md
netbox/netbox/tables
columns.py

2
docs/release-notes/version-3.4.md

@ -8,6 +8,7 @@
* [#11011](https://github.com/netbox-community/netbox/issues/11011) - Add ability to toggle visibility of virtual interfaces under device view
* [#11807](https://github.com/netbox-community/netbox/issues/11807) - Restore default page size when navigating between views
* [#11817](https://github.com/netbox-community/netbox/issues/11817) - Add `connected_endpoints` field to GraphQL API for cabled objects
* [#11862](https://github.com/netbox-community/netbox/issues/11862) - Add Cisco StackWise 1T interface type
* [#11871](https://github.com/netbox-community/netbox/issues/11871) - Add IEEE 802.3az PoE type for interfaces
### Bug Fixes
@ -16,6 +17,7 @@
* [#11565](https://github.com/netbox-community/netbox/issues/11565) - Apply custom field defaults to IP address created during FHRP group creation
* [#11758](https://github.com/netbox-community/netbox/issues/11758) - Support non-URL-safe characters in plugin menu titles
* [#11796](https://github.com/netbox-community/netbox/issues/11796) - When importing devices, restrict rack by location only if the location field is specified
* [#11903](https://github.com/netbox-community/netbox/issues/11903) - Fix escaping of return URL values for action buttons in tables
---

4
netbox/netbox/tables/columns.py

@ -1,5 +1,6 @@
from dataclasses import dataclass
from typing import Optional
from urllib.parse import quote
import django_tables2 as tables
from django.conf import settings
@ -8,7 +9,6 @@ from django.db.models import DateField, DateTimeField
from django.template import Context, Template
from django.urls import reverse
from django.utils.dateparse import parse_date
from django.utils.encoding import escape_uri_path
from django.utils.html import escape
from django.utils.formats import date_format
from django.utils.safestring import mark_safe
@ -235,7 +235,7 @@ class ActionsColumn(tables.Column):
model = table.Meta.model
request = getattr(table, 'context', {}).get('request')
url_appendix = f'?return_url={escape_uri_path(request.get_full_path())}' if request else ''
url_appendix = f'?return_url={quote(request.get_full_path())}' if request else ''
html = ''
# Compile actions menu