OpenStack Dashboard (Horizon)

  1. Bug #1982676
  2. Comment #27

Comment 27 for bug 1982676

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/horizon/+/862901
Committed: https://opendev.org/openstack/horizon/commit/2f600272bfffb3024e6f06a369f9b4768dd1a0b0
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 2f600272bfffb3024e6f06a369f9b4768dd1a0b0
Author: manchandavishal <email address hidden>
Date: Wed Sep 14 22:17:58 2022 +0530

    Fix success_url parameter issue for Edit Snapshot

    The "success_url" param is used when updating the project snapshot
    [1] and it lacks sanitizing the input URL that allows an attacker to
    redirect the user to another website. This patch update 'Updateview'
    class to not use the "sucess_url" method.

    Closes-bug: #1982676

    [1] https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/snapshots/views.py#L109

    Change-Id: Ied142440965b1a722e7a4dd1be3b1be3b3e1644b
    (cherry picked from commit 79d139594290779b2f74ca894332aa7f2f7e4735)