From 8f1ee3f6bc7d611f61318832a5547cea7fc46320 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Tue, 14 May 2019 17:14:43 +0200
Subject: [PATCH] views: validates EditProfile next_url (#33084)

---
 src/authentic2/views.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/authentic2/views.py b/src/authentic2/views.py
index c7bee83c..fef4124b 100644
--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@@ -144,10 +144,11 @@ class EditProfile(cbv.HookMixin, cbv.TemplateNamesMixin, UpdateView):
         return kwargs
 
     def get_success_url(self):
-        field_name = 'edit-profile-next_url'
-        if self.request.method == 'POST' and field_name in self.request.POST:
-            return self.request.POST[field_name]
-        return reverse('account_management')
+        return utils.select_next_url(
+            self.request,
+            default=reverse('account_management'),
+            field_name='edit-profile-next_url',
+            include_post=True)
 
     def post(self, request, *args, **kwargs):
         if 'cancel' in request.POST:
-- 
2.20.1