From 79d139594290779b2f74ca894332aa7f2f7e4735 Mon Sep 17 00:00:00 2001
From: manchandavishal <manchandavishal143@gmail.com>
Date: Wed, 14 Sep 2022 22:17:58 +0530
Subject: [PATCH] Fix success_url parameter issue for Edit Snapshot

The "success_url" param is used when updating the project snapshot
[1] and the input URL is not sanitized, which allows an attacker to
redirect the user to another website. This patch updates the 'UpdateView'
class to not use the "success_url" method.

Closes-bug: #1982676

[1] https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/snapshots/views.py#L109

Change-Id: Ied142440965b1a722e7a4dd1be3b1be3b3e1644b
---
 .../dashboards/project/snapshots/views.py            | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/openstack_dashboard/dashboards/project/snapshots/views.py b/openstack_dashboard/dashboards/project/snapshots/views.py
index 7efc4a8923..faf727926f 100644
--- a/openstack_dashboard/dashboards/project/snapshots/views.py
+++ b/openstack_dashboard/dashboards/project/snapshots/views.py
@@ -12,7 +12,6 @@
 
 from django.urls import reverse
 from django.urls import reverse_lazy
-from django.utils.http import urlencode
 from django.utils.translation import gettext_lazy as _
 
 from horizon import exceptions
@@ -104,11 +103,8 @@ class UpdateView(forms.ModalFormView):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         context['snapshot'] = self.get_object()
-        success_url = self.request.GET.get('success_url', "")
         args = (self.kwargs['snapshot_id'],)
-        params = urlencode({"success_url": success_url})
-        context['submit_url'] = "?".join([reverse(self.submit_url, args=args),
-                                          params])
+        context['submit_url'] = reverse(self.submit_url, args=args)
         return context
 
     def get_initial(self):
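Review bot: Nothing in this patch pins the fix: the diffstat touches only views.py, so no test asserts that a `success_url` query parameter on the update URL is ignored once the form submits. A regression test that requests the update view with `?success_url=` set to an off-site URL and checks that the redirect still goes to the snapshots index would keep the open redirect from being reintroduced. I would also add a comment above the new `context['submit_url']` line, e.g. `# Do not forward a request-supplied success_url; it was an open redirect (bug #1982676).` The rest of UpdateView lies outside the hunk, so the redirect target now in effect (presumably a class-level `success_url`) should be confirmed to be a fixed internal route.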
@@ -117,12 +113,6 @@ class UpdateView(forms.ModalFormView):
                 'name': snapshot.name,
                 'description': snapshot.description}
 
-    def get_success_url(self):
-        success_url = self.request.GET.get(
-            "success_url",
-            reverse_lazy("horizon:project:snapshots:index"))
-        return success_url
-
 
 class DetailView(tabs.TabView):
     tab_group_class = vol_snapshot_tabs.SnapshotDetailTabs