authorFlorian Apolloner <florian@apolloner.eu>2012-11-17 22:00:53 +0100
committerFlorian Apolloner <florian@apolloner.eu>2012-12-10 22:13:28 +0100
commitfce1fa0f7fb984d4e76eb81ffc3cb9826046c3b5 (patch)
tree93a70aabbaae9a4be826afeeadb41957224ef3f8 /django/contrib/comments/views/comments.py
parent984cf8417b9f6738e3bc09cbcfb697eeffe441a5 (diff)
[1.5.X] Fixed #18856 -- Ensured that redirects can't be poisoned by malicious users.
Diffstat (limited to 'django/contrib/comments/views/comments.py')
-rw-r--r--django/contrib/comments/views/comments.py8
1 files changed, 3 insertions, 5 deletions
diff --git a/django/contrib/comments/views/comments.py b/django/contrib/comments/views/comments.py
index 27d5a48ac6..7c02b21b6a 100644
--- a/django/contrib/comments/views/comments.py
+++ b/django/contrib/comments/views/comments.py
@@ -44,9 +44,6 @@ def post_comment(request, next=None, using=None):
if not data.get('email', ''):
data["email"] = request.user.email
- # Check to see if the POST data overrides the view's next argument.
- next = data.get("next", next)
-
# Look up the object we're trying to comment about
ctype = data.get("content_type")
object_pk = data.get("object_pk")
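Review bot: With the override on the removed lines gone, the local `next` in post_comment is now only the view's keyword argument, while the POST value is re-read separately later in the function (the second hunk at line 100 and the next_redirect call in the third hunk at line 131); nothing at this point in the new code says why, so a later reader may reintroduce the shortcut. Suggest a short comment where the override used to sit: `# Do not fold the POST "next" value into the view argument here; it is user-controlled and is only consumed where the redirect target can be checked.` post_comment starts before this hunk and continues past its end.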
@@ -100,7 +97,7 @@ def post_comment(request, next=None, using=None):
template_list, {
"comment": form.data.get("comment", ""),
"form": form,
- "next": next,
+ "next": data.get("next", next),
},
RequestContext(request, {})
)
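Review bot: The `+` line places the raw POST `next` value into the preview template context with no validation visible in this hunk; the fix presumably relies on it being checked only when the preview form is resubmitted and next_redirect is called (its implementation is not on this page, so this is inferred from the call in the third hunk). A comment on that line would make the trust boundary explicit: `# Raw, user-supplied value, only echoed back into the preview form; validated when next_redirect() consumes the resubmission.` The surrounding render call and post_comment itself start before and continue past this hunk.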
@@ -131,7 +128,8 @@ def post_comment(request, next=None, using=None):
request=request
)
- return next_redirect(data, next, comment_done, c=comment._get_pk_val())
+ return next_redirect(request, fallback=next or 'comments-comment-done',
+ c=comment._get_pk_val())
comment_done = confirmation_view(
template="comments/posted.html",