Skip to content

Commit

Permalink
Fix code scanning alert no. 20: URL redirection from remote source
Browse files Browse the repository at this point in the history
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
  • Loading branch information
TreyWW and github-advanced-security[bot] authored Oct 19, 2024
1 parent f78e012 commit 0c8a472
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions backend/core/views/auth/login.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
from django.shortcuts import render, redirect
from django.urls import resolve, reverse
from django.urls.exceptions import Resolver404
from django.utils.http import url_has_allowed_host_and_scheme
from django.utils.decorators import method_decorator
from django.views import View
from django.views.decorators.http import require_GET, require_POST
Expand Down Expand Up @@ -76,10 +77,13 @@ def login_manual(request: HttpRequest):
messages.warning(request, "You have been requested by an administrator to change your account password.")
return redirect("settings:change_password")

try:
resolve(redirect_url)
return redirect(redirect_url)
except Resolver404:
if url_has_allowed_host_and_scheme(redirect_url, allowed_hosts=None):
try:
resolve(redirect_url)
return redirect(redirect_url)
except Resolver404:
return redirect("dashboard")
else:
return redirect("dashboard")


Expand Down

0 comments on commit 0c8a472

Please sign in to comment.