Skip to content

Commit

Permalink
fixed is_safe_url in django 2.1
Browse files Browse the repository at this point in the history
  • Loading branch information
Fang Li committed Jan 24, 2019
1 parent 4968075 commit 7914e93
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion django_saml2_auth/views.py
View file
Expand Up @@ -229,7 +229,12 @@ def signin(r):
next_url = r.GET.get('next', settings.SAML2_AUTH.get('DEFAULT_NEXT_URL', get_reverse('admin:index')))

# Only permit signin requests where the next_url is a safe URL
if not is_safe_url(next_url, None):
if parse_version(get_version()) >= parse_version('2.0'):
url_ok = is_safe_url(next_url, None)
else:
url_ok = is_safe_url(next_url)

if not url_ok:
return HttpResponseRedirect(get_reverse([denied, 'denied', 'django_saml2_auth:denied']))

r.session['login_next_url'] = next_url
Expand Down

0 comments on commit 7914e93

Please sign in to comment.