Merge "django22: Call 'is_safe_url' with 'allowed_hosts'"
This commit is contained in:
commit
cfb907f803
|
@ -237,7 +237,7 @@ def switch(request, tenant_id, redirect_field_name=auth.REDIRECT_FIELD_NAME):
|
||||||
# Ensure the user-originating redirection url is safe.
|
# Ensure the user-originating redirection url is safe.
|
||||||
# Taken from django.contrib.auth.views.login()
|
# Taken from django.contrib.auth.views.login()
|
||||||
redirect_to = request.GET.get(redirect_field_name, '')
|
redirect_to = request.GET.get(redirect_field_name, '')
|
||||||
if not is_safe_url(url=redirect_to, host=request.get_host()):
|
if not is_safe_url(url=redirect_to, allowed_hosts=[request.get_host()]):
|
||||||
redirect_to = settings.LOGIN_REDIRECT_URL
|
redirect_to = settings.LOGIN_REDIRECT_URL
|
||||||
|
|
||||||
if auth_ref:
|
if auth_ref:
|
||||||
|
@ -270,7 +270,7 @@ def switch_region(request, region_name,
|
||||||
region_name, request.user.username)
|
region_name, request.user.username)
|
||||||
|
|
||||||
redirect_to = request.GET.get(redirect_field_name, '')
|
redirect_to = request.GET.get(redirect_field_name, '')
|
||||||
if not is_safe_url(url=redirect_to, host=request.get_host()):
|
if not is_safe_url(url=redirect_to, allowed_hosts=[request.get_host()]):
|
||||||
redirect_to = settings.LOGIN_REDIRECT_URL
|
redirect_to = settings.LOGIN_REDIRECT_URL
|
||||||
|
|
||||||
response = shortcuts.redirect(redirect_to)
|
response = shortcuts.redirect(redirect_to)
|
||||||
|
@ -299,7 +299,7 @@ def switch_keystone_provider(request, keystone_provider=None,
|
||||||
raise exceptions.KeystoneAuthException(msg)
|
raise exceptions.KeystoneAuthException(msg)
|
||||||
|
|
||||||
redirect_to = request.GET.get(redirect_field_name, '')
|
redirect_to = request.GET.get(redirect_field_name, '')
|
||||||
if not is_safe_url(url=redirect_to, host=request.get_host()):
|
if not is_safe_url(url=redirect_to, allowed_hosts=[request.get_host()]):
|
||||||
redirect_to = settings.LOGIN_REDIRECT_URL
|
redirect_to = settings.LOGIN_REDIRECT_URL
|
||||||
|
|
||||||
unscoped_auth_ref = None
|
unscoped_auth_ref = None
|
||||||
|
|
Loading…
Reference in New Issue