security: fix open redirect vulnerabilities
xavfernandez committed Jan 31, 2025
1 parent 1d7b939 commit a07e85f
Showing 2 changed files with 6 additions and 4 deletions.
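--- a/itou/www/apply/views/process_views.py
+++ b/itou/www/apply/views/process_views.py
@@ -957,10 +957,12 @@ def geiq_eligibility(request, job_application_id, template_name="apply/process_g
 queryset = JobApplication.objects.is_active_company_member(request.user)
 # Check GEIQ eligibility during job application process
 job_application = get_object_or_404(queryset, pk=job_application_id)
-back_url = request.GET.get("back_url") or reverse(
-"apply:details_for_company", kwargs={"job_application_id": job_application.pk}
+back_url = get_safe_url(
+request,
+"back_url",
+fallback_url=reverse("apply:details_for_company", kwargs={"job_application_id": job_application.pk}),
 )
-next_url = request.GET.get("next_url")
+next_url = get_safe_url(request, "next_url")
 return common_views._geiq_eligibility(
 request,
 job_application.to_company,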
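Review bot: Nothing in this commit pins the new handling of `back_url` and `next_url` in `geiq_eligibility`, nor the same change in `create` in employee_record_views/views.py. The diffstat lists only the two view modules, so a later refactor back to `request.GET.get(...)` would go unnoticed. A regression test should request the view with an off-site value for each parameter and assert that `back_url` resolves to the `apply:details_for_company` URL. `get_safe_url` is not visible here, so the test should also pin what it returns for a rejected `next_url` (presumably `None`, as no `fallback_url` is passed). A short comment above the two calls would record the intent, e.g. `# back_url / next_url are user-controlled query parameters; never use them unvalidated`; the function starts and ends outside this hunk.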
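--- a/itou/www/employee_record_views/views.py
+++ b/itou/www/employee_record_views/views.py
@@ -237,7 +237,7 @@ def create(request, job_application_id, template_name="employee_record/create.ht
 "steps": STEPS,
 "step": 1,
 "matomo_custom_title": "Nouvelle fiche salarié ASP - Étape 1",
-"back_url": request.GET.get("back_url"),
+"back_url": get_safe_url(request, "back_url"),
 }
 
 return render(request, template_name, context)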
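Review bot: The `"back_url"` context entry in `create` is validated without a `fallback_url`, unlike the `geiq_eligibility` call in process_views.py, so a rejected value presumably reaches the template as `None`. If the template always renders a back link, pass a default explicitly, e.g. `"back_url": get_safe_url(request, "back_url", fallback_url=<default back URL>),`. Otherwise add a comment that `None` is expected and handled by the template. Because this value goes into the template context (presumably as a link target) rather than into a server-side redirect, it is also worth confirming that `get_safe_url` rejects non-HTTP schemes and not only foreign hosts; its implementation is not visible on this page. The start of `create` lies outside the hunk.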
