From beed6bf6f6f83df9972db5fb539d64175ce12ce9 Mon Sep 17 00:00:00 2001
From: manchandavishal
Date: Wed, 14 Sep 2022 22:17:58 +0530
Subject: [PATCH] Fix success_url parameter issue for Edit Snapshot
The "success_url" param is used when updating the project snapshot [1] and it lacks sanitizing the input URL that allows an attacker to redirect the user to another website. This patch update 'Updateview' class to not use the "sucess_url" method.
Closes-bug: #1982676
[1] https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/snapshots/views.py#L109
Change-Id: Ied142440965b1a722e7a4dd1be3b1be3b3e1644b
(cherry picked from commit 79d139594290779b2f74ca894332aa7f2f7e4735)
---
 .../dashboards/project/snapshots/views.py | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/openstack_dashboard/dashboards/project/snapshots/views.py b/openstack_dashboard/dashboards/project/snapshots/views.py
index be3fe4e979..a92da5162d 100644
--- a/openstack_dashboard/dashboards/project/snapshots/views.py
+++ b/openstack_dashboard/dashboards/project/snapshots/views.py
@@ -12,7 +12,6 @@
 from django.urls import reverse
 from django.urls import reverse_lazy
-from django.utils.http import urlencode
 from django.utils.translation import ugettext_lazy as _
 from horizon import exceptions
@@ -104,11 +103,8 @@ class UpdateView(forms.ModalFormView):
 def get_context_data(self, **kwargs):
 context = super().get_context_data(**kwargs)
 context['snapshot'] = self.get_object()
- success_url = self.request.GET.get('success_url', "")
 args = (self.kwargs['snapshot_id'],)
- params = urlencode({"success_url": success_url})
- context['submit_url'] = "?".join([reverse(self.submit_url, args=args),
- params])
+ context['submit_url'] = reverse(self.submit_url, args=args)
 return context
 def get_initial(self):
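Review bot: After this hunk (together with the removal of `get_success_url` in the next hunk) the post-save redirect of `UpdateView` rests entirely on a `success_url` class attribute or the `ModalFormView` default, neither of which is visible here, so confirm the class still sets `success_url = reverse_lazy("horizon:project:snapshots:index")` — the fact that `reverse_lazy` stays imported suggests it does. Any caller that still builds the edit link with `?success_url=…` now has that parameter silently ignored, and tests asserting the old `submit_url` format will break, so both are worth checking in the same change. If the redirect-back feature is ever reinstated, validate the candidate with Django's `url_has_allowed_host_and_scheme(url, allowed_hosts={self.request.get_host()})` (`is_safe_url` before Django 3.0) and fall back to the index URL rather than reflecting `request.GET` into a redirect. `get_context_data` is complete within the hunk.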
@@ -117,12 +113,6 @@ class UpdateView(forms.ModalFormView):
 'name': snapshot.name,
 'description': snapshot.description}
- def get_success_url(self):
- success_url = self.request.GET.get(
- "success_url",
- reverse_lazy("horizon:project:snapshots:index"))
- return success_url
-
 class DetailView(tabs.TabView):
 tab_group_class = vol_snapshot_tabs.SnapshotDetailTabs