Fixes #19346: Ensure all redirect URLs are validated

2026-01-14 07:42:18 -06:00 · 2025-04-28 14:27:49 -04:00
parent 81dfaf0d67
commit e44ad8af45
6 changed files with 28 additions and 9 deletions
--- a/netbox/dcim/views.py
+++ b/netbox/dcim/views.py
@@ -23,6 +23,7 @@ from utilities.paginator import EnhancedPaginator, get_paginate_count
 from utilities.permissions import get_permission_for_model
 from utilities.query import count_related
 from utilities.query_functions import CollateAsChar
+from utilities.request import safe_for_redirect
 from utilities.views import (
    GetRelatedModelsMixin, GetReturnURLMixin, ObjectPermissionRequiredMixin, ViewTab, register_model_view
 )
@@ -3793,7 +3794,7 @@ class VirtualChassisAddMemberView(ObjectPermissionRequiredMixin, GetReturnURLMix
                    )
                ))

-                if '_addanother' in request.POST:
+                if '_addanother' in request.POST and safe_for_redirect(request.get_full_path()):
                    return redirect(request.get_full_path())

                return redirect(self.get_return_url(request, device))