The "success_url" param is used when updating the project snapshot [1] and it lacks sanitizing of the input URL, which allows an attacker to redirect the user to another website. This patch updates the 'Updateview' class to not use the "success_url" method.

Closes-bug: #1982676

[1] https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/snapshots/views.py#L109

Change-Id: Ied142440965b1a722e7a4dd1be3b1be3b3e1644b
(cherry picked from commit 79d139594290779b2f74ca894332aa7f2f7e4735)
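The commit above removes the use of the request-supplied "success_url" altogether. As an added example (not part of the commit and not Horizon's code), the following sketch shows the other defensive option the message alludes to: sanitizing such a parameter so that only same-site paths are accepted. The names `is_safe_local_path`, `resolve_success_url` and `DEFAULT_SUCCESS_URL`, and the fallback path, are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical fixed fallback; the real target is defined in the project's own views.
DEFAULT_SUCCESS_URL = "/project/snapshots/"


def is_safe_local_path(url):
    """Return True only for a same-site absolute path such as '/project/x/'."""
    if not url or not isinstance(url, str):
        return False
    # Whitespace and control characters are stripped or reinterpreted by browsers.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in url):
        return False
    # Browsers treat '\' like '/', so '/\host' behaves like '//host'.
    normalized = url.replace("\\", "/")
    if not normalized.startswith("/") or normalized.startswith("//"):
        return False
    try:
        parts = urlsplit(normalized)
    except ValueError:
        return False
    # A local path carries neither a scheme nor a network location.
    return parts.scheme == "" and parts.netloc == ""


def resolve_success_url(query_params, default=DEFAULT_SUCCESS_URL):
    """Pick the post-update redirect target from request query parameters."""
    candidate = query_params.get("success_url")
    return candidate if is_safe_local_path(candidate) else default


if __name__ == "__main__":
    # Constructed sample query strings, already parsed into dicts.
    samples = [
        {"success_url": "/project/volumes/"},
        {"success_url": "https://attacker.example/login"},
        {"success_url": "//attacker.example/"},
        {"success_url": "/\\attacker.example/"},
        {},
    ]
    for params in samples:
        print(params, "->", resolve_success_url(params))
```

In a Django view, the framework's own `django.utils.http.url_has_allowed_host_and_scheme` serves the same purpose.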
Horizon (OpenStack Dashboard)
Horizon is a Django-based project aimed at providing a complete
OpenStack Dashboard along with an extensible framework for building new
dashboards from reusable components. The openstack_dashboard module is a
reference implementation of a Django site that uses the horizon app to
provide web-based interactions with the various OpenStack projects.
- Project documentation: https://docs.openstack.org/horizon/latest/
- Release management: https://launchpad.net/horizon
- Blueprints and feature specifications: https://blueprints.launchpad.net/horizon
- Issue tracking: https://bugs.launchpad.net/horizon
- Release notes: https://docs.openstack.org/releasenotes/horizon/
Using Horizon
See doc/source/install/index.rst about how to install Horizon in your
OpenStack setup. It describes the example steps and has pointers for
more detailed settings and configurations.
It is also available at Installation Guide.
Getting Started for Developers
doc/source/quickstart.rst or Quickstart Guide describes how to set up
the Horizon development environment and start development.
Building Contributor Documentation
This documentation is written by contributors, for contributors.
The source is maintained in the doc/source directory using
reStructuredText and built by Sphinx.
To build the docs, use:
$ tox -e docs
Results are in the doc/build/html directory.