CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-04 15:04:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

[SECURITY] Fix unvalidated redirect

Browse Source
This commit is contained in:
Raphael Michel
2020-12-18 18:29:36 +01:00
parent 736ecbd7b6
commit a3dd015c23
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/tests/control/test_auth.py
View File

@@ -90,6 +90,10 @@ class LoginFormTest(TestCase):
self.assertEqual(response.status_code, 302)
self.assertIn('/control/events/', response['Location'])
response = self.client.get('/control/login?next=//evilsite.com')
self.assertEqual(response.status_code, 302)
self.assertIn('/control/', response['Location'])
def test_logout(self):
response = self.client.post('/control/login', {
'email': 'dummy@dummy.dummy',