Merge "Only allow http/https schemas for image download"

2015-09-12 15:53:24 +00:00 · 2015-09-12 15:53:24 +00:00 · fc64d3b191
commit fc64d3b191
parent 015fb6d94a 0f78517b60
1 changed files with 4 additions and 0 deletions
--- a/openstack_dashboard/dashboards/project/images/images/forms.py
+++ b/openstack_dashboard/dashboards/project/images/images/forms.py
@ -19,7 +19,9 @@
 """
 Views for managing images.
 """
+
 from django.conf import settings
+from django.core import validators
 from django.forms import ValidationError  # noqa
 from django.forms.widgets import HiddenInput  # noqa
 from django.template import defaultfilters
@ -102,6 +104,8 @@ class CreateImageForm(forms.SelfHandlingForm):
                                   'ng-model': 'copyFrom',
                                   'ng-change':
                                   'ctrl.selectImageFormat(copyFrom)'}),
+                               validators=[validators.URLValidator(
+                                   schemes=["http", "https"])],
                               required=False)
    image_file = forms.FileField(label=_("Image File"),
                                 help_text=_("A local image to upload."),