
allow next parameter to be passed in when creating a comment

1 parent 83647d2 commit 0a86c4374526551cb5e4bc3f9c9d9ff71f26d2d0 @brosner brosner committed Oct 8, 2010
Showing with 5 additions and 1 deletion.
  1. +5 −1 dialogos/views.py
@@ -19,7 +19,11 @@ def post_comment(request, content_type_id, object_id):
form = form_class(request.POST, request=request, obj=obj)
if form.is_valid():
form.save()
- return redirect(obj)
+ redirect_to = request.POST.get("next")
+ # light security check -- make sure redirect_to isn't garbage.
+ if not redirect_to or " " in redirect_to or redirect_to.startswith("http"):
+ redirect_to = obj
+ return redirect(redirect_to)
@login_required
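Review bot: The check on the added `if` line is a denylist, so it still accepts `next` values that leave the site: a scheme-relative value (`//host/...`) or a scheme written in another case contains no space and does not start with `http`, and `redirect()` will follow it. An allowlist is safer, accepting only values whose host is this site, for example `if not redirect_to or not url_has_allowed_host_and_scheme(redirect_to, allowed_hosts={request.get_host()}):` with the helper imported from `django.utils.http`. On Django versions that predate that helper, parse the value with `urlparse` and require an empty scheme and netloc. The comment should then state what is enforced, e.g. `# only follow "next" when it points back to this site`. The body of `post_comment` begins above the hunk, so the invalid-form path is not visible here.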
