Don't use Django's redirect() for user-supplied paths

Raphael Michel
2022-11-17 11:46:03 +01:00
parent f18fb02d0b
commit 7b58ddbfde
5 changed files with 23 additions and 12 deletions


@@ -20,7 +20,9 @@
# <https://www.gnu.org/licenses/>.
#
from django.conf import settings
from django.http import StreamingHttpResponse
from django.http import (
HttpResponsePermanentRedirect, HttpResponseRedirect, StreamingHttpResponse,
)
class ChunkBasedFileResponse(StreamingHttpResponse):
@@ -40,3 +42,8 @@ def get_client_ip(request):
if x_forwarded_for:
ip = x_forwarded_for.split(',')[0]
return ip
def redirect_to_url(to, permanent=False):
redirect_class = HttpResponsePermanentRedirect if permanent else HttpResponseRedirect
return redirect_class(to)
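Review bot: `redirect_to_url` hands `to` to the response class unchanged, so the helper gives no protection against an off-site target such as an absolute or `//host` URL. It only avoids the view-name and `get_absolute_url` resolution that `redirect()` performs. Whether each call site checks the host first cannot be seen from this section, so the contract should be written on the function. A docstring such as `"""Redirect to the literal URL `to` without resolving it as a view name; user-supplied values must be checked with url_has_allowed_host_and_scheme() by the caller."""` would do. If every caller turns out to validate against the same allowed hosts, moving that check into the helper would be the safer default.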