From fc0d5e2d335dba74375535f551c50815173186a0 Mon Sep 17 00:00:00 2001 From: Bai Date: Tue, 16 Jun 2026 17:06:07 +0800 Subject: [PATCH] fix: flash msg page redirect_url safe check --- apps/authentication/views/mixins.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/authentication/views/mixins.py b/apps/authentication/views/mixins.py index dab39bdc2..f123e2aa4 100644 --- a/apps/authentication/views/mixins.py +++ b/apps/authentication/views/mixins.py @@ -2,14 +2,16 @@ # from django.utils.translation import gettext_lazy as _ from common.utils import FlashMessageUtil +from common.utils import safe_next_url class FlashMessageMixin: @staticmethod def get_response(redirect_url='', title='', msg='', m_type='message', interval=5): message_data = { - 'title': title, 'interval': interval, - 'redirect_url': redirect_url, + 'title': title, + 'interval': interval, + 'redirect_url': safe_next_url(redirect_url), } if m_type == 'error': message_data['error'] = msg