Open redirect fix after login

This makes sure that after login the user is redirected only to a local path, not to another domain.
pelle 2022-08-08 09:53:25 -06:00 committed by GitHub
parent 90317adae7
commit 3f49225eff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -91,7 +91,7 @@ class LoginView(View):
data = request.POST if request.method == "POST" else request.GET
redirect_url = data.get('next', settings.LOGIN_REDIRECT_URL)
if redirect_url and redirect_url.startswith('/'):
if redirect_url and redirect_url.startswith('/') and not redirect_url.startswith('//'):
logger.debug(f"Redirecting user to {redirect_url}")
else:
if redirect_url:
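Review bot: The new condition on `redirect_url` rejects only the literal `//` prefix, so a `next` value that starts with a single `/` but is still resolved by browsers as another host (a backslash after the first slash, or leading whitespace or control characters) would still be accepted. Since the view already relies on Django settings, the hand-written prefix test is better replaced by the framework validator: `from django.utils.http import url_has_allowed_host_and_scheme` and `if redirect_url and url_has_allowed_host_and_scheme(redirect_url, allowed_hosts={request.get_host()}, require_https=request.is_secure()):`. The `logger.debug` line below it interpolates the request-supplied value directly, so logging it as `logger.debug("Redirecting user to %r", redirect_url)` would keep embedded newlines out of the log. The enclosing method of `LoginView` starts and ends outside this hunk, so the handling in the `else` branch could not be checked here.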