From 29ad5fce6f1824206ff8c08b5bb181b9ce1e288d Mon Sep 17 00:00:00 2001
From: bmedx
Date: Wed, 6 Jun 2018 12:39:20 -0400
Subject: [PATCH] Change usages of is_safe_url to use new allowed_hosts instead of host "host" parameter is deprecated and throws a warning
---
 common/djangoapps/student/helpers.py | 2 +-
 common/djangoapps/student/views/login.py | 2 +-
 openedx/core/djangoapps/external_auth/views.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/common/djangoapps/student/helpers.py b/common/djangoapps/student/helpers.py
index 32f98e6dd2..81bd6b4b09 100644
--- a/common/djangoapps/student/helpers.py
+++ b/common/djangoapps/student/helpers.py
@@ -330,7 +330,7 @@ def get_redirect_to(request):
 # get information about a user on edx.org. In any such case drop the parameter.
 if redirect_to:
 mime_type, _ = mimetypes.guess_type(redirect_to, strict=False)
- if not http.is_safe_url(redirect_to, host=request.get_host()):
+ if not http.is_safe_url(redirect_to, allowed_hosts={request.get_host()}):
 log.warning(
 u'Unsafe redirect parameter detected after login page: %(redirect_to)r',
 {"redirect_to": redirect_to}
diff --git a/common/djangoapps/student/views/login.py b/common/djangoapps/student/views/login.py
index 960a6a0440..0a082a0352 100644
--- a/common/djangoapps/student/views/login.py
+++ b/common/djangoapps/student/views/login.py
@@ -747,7 +747,7 @@ class LogoutView(TemplateView):
 """
 target_url = self.request.GET.get('redirect_url')
- if target_url and is_safe_url(target_url, self.request.META.get('HTTP_HOST')):
+ if target_url and is_safe_url(target_url, allowed_hosts={self.request.META.get('HTTP_HOST')}):
 return target_url
 else:
 return self.default_target
diff --git a/openedx/core/djangoapps/external_auth/views.py b/openedx/core/djangoapps/external_auth/views.py
index c735436818..d4c13e6957 100644
--- a/openedx/core/djangoapps/external_auth/views.py
+++ b/openedx/core/djangoapps/external_auth/views.py
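Review bot: The new `is_safe_url` call in `get_redirect_to` checks only the host and leaves `require_https` at its default, so when the login page is served over HTTPS a `redirect_to` pointing at `http://` on the same host is still accepted. Passing the request's scheme closes that: `if not http.is_safe_url(redirect_to, allowed_hosts={request.get_host()}, require_https=request.is_secure()):`. The calls changed in `LogoutView` (login.py) and `_safe_postlogin_redirect` (external_auth/views.py) have the same gap; the latter receives no request object in the visible signature, so it would need the flag passed in by its caller. The body of `get_redirect_to` starts and ends outside this hunk.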
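Review bot: The allowed host in `LogoutView` comes from `self.request.META.get('HTTP_HOST')`, the raw client-supplied header, whereas `get_redirect_to` in helpers.py uses `request.get_host()`, which Django validates against `ALLOWED_HOSTS`. `.get()` also returns `None` when the header is absent, so the set becomes `{None}`; relative URLs still pass, but the intent is unclear to the next reader. Suggest `if target_url and is_safe_url(target_url, allowed_hosts={self.request.get_host()}):` so both redirect checks rely on the same validated host. The enclosing method starts above the hunk, so its name and the start of its docstring are not visible here.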
@@ -556,7 +556,7 @@ def _safe_postlogin_redirect(redirect_to, safehost, default_redirect='/'):
 @param safehost: which host is safe to redirect to
 @return: an HttpResponseRedirect
 """
- if is_safe_url(url=redirect_to, host=safehost):
+ if is_safe_url(url=redirect_to, allowed_hosts={safehost}):
 return redirect(redirect_to)
 return redirect(default_redirect)