OpenStack Dashboard (Horizon)

  1. Bug #1982676
  2. Comment #16

Comment 16 for bug 1982676

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.opendev.org/c/openstack/horizon/+/857740
Committed: https://opendev.org/openstack/horizon/commit/79d139594290779b2f74ca894332aa7f2f7e4735
Submitter: "Zuul (22348)"
Branch: master

commit 79d139594290779b2f74ca894332aa7f2f7e4735
Author: manchandavishal <email address hidden>
Date: Wed Sep 14 22:17:58 2022 +0530

    Fix success_url parameter issue for Edit Snapshot

    The "success_url" param is used when updating the project snapshot
    [1] and it lacks sanitizing the input URL that allows an attacker to
    redirect the user to another website. This patch update 'Updateview'
    class to not use the "sucess_url" method.

    Closes-bug: #1982676

    [1] https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/snapshots/views.py#L109

    Change-Id: Ied142440965b1a722e7a4dd1be3b1be3b3e1644b