diff --git a/aleksis/apps/chronos/templates/chronos/partials/lesson.html b/aleksis/apps/chronos/templates/chronos/partials/lesson.html
index 12d541ec0fb364e553db95fcf1dc00b2e8b8abce..3c25fa5e1401fefe8c170335ec6b8855ba5183ed 100644
--- a/aleksis/apps/chronos/templates/chronos/partials/lesson.html
+++ b/aleksis/apps/chronos/templates/chronos/partials/lesson.html
@@ -104,7 +104,7 @@
 {% has_perm "chronos.edit_substitution_rule" user as can_edit_substitution %}
 {% if can_edit_substitution %}
 <br>
- <span><a href="{% url "edit_substitution" lesson_period.pk lesson_period.week.week %}">{% trans "Manage substitution" %}</a></span>
+ <span><a href="{% url "edit_substitution" lesson_period.pk lesson_period.week.week %}?back={{ request.path }}">{% trans "Manage substitution" %}</a></span>
 {% endif %}
 </p>
 </div>
diff --git a/aleksis/apps/chronos/views.py b/aleksis/apps/chronos/views.py
index f73c0791b6eb02b24c3d799cef7a07ae89abc80c..ce272a71796515e4c6c92ee8231afe513f34d64a 100644
--- a/aleksis/apps/chronos/views.py
+++ b/aleksis/apps/chronos/views.py
@@ -7,6 +7,7 @@ from django.http import HttpRequest, HttpResponse, HttpResponseNotFound
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
 from django.utils import timezone
+from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.translation import gettext as _
 from django.views.decorators.cache import never_cache
@@ -301,6 +302,16 @@ def edit_substitution(request: HttpRequest, id_: int, week: int) -> HttpResponse
 messages.success(request, _("The substitution has been saved."))
+ back_url = request.GET.get("back", "")
+ back_url_is_safe = url_has_allowed_host_and_scheme(
+ url=back_url,
+ allowed_hosts={request.get_host()},
+ require_https=request.is_secure(),
+ )
+
+ if back_url_is_safe:
+ return redirect(back_url)
+
 return redirect("lessons_day_by_date", year=day.year, month=day.month, day=day.day)
 context["edit_substitution_form"] = edit_substitution_form
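Review bot: In `chronos/partials/lesson.html`, the new `?back={{ request.path }}` places the path in a query string with only HTML auto-escaping, so a path containing `&`, `#`, `?` or `%` would reach the view as a truncated or altered `back` value. URL-encode it where it is emitted: `?back={{ request.path|urlencode }}`. `request.path` also carries no query string, so any parameters on the originating page are dropped on return; if they are meant to survive, `{{ request.get_full_path|urlencode }}` would keep them. The enclosing `<p>`/`<div>` block starts outside the hunk.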
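Review bot: In `edit_substitution` in `views.py`, the `if back_url_is_safe:` branch passes a request-supplied string to Django's `redirect()` shortcut, which first tries to reverse its argument as a URL pattern name before treating it as a URL. `url_has_allowed_host_and_scheme` accepts a bare word with no host or scheme (for example `back=foo`), so such a value either resolves to whichever route carries that name or, having no slash or dot, raises `NoReverseMatch`, which surfaces as a 500 after the substitution has already been saved. Returning the validated string verbatim avoids both outcomes: `return HttpResponseRedirect(back_url)`, with `HttpResponseRedirect` added to the existing `from django.http import …` line. The host and scheme check itself (`allowed_hosts={request.get_host()}`, `require_https=request.is_secure()`) matches the pattern Django applies to `next`; the function body starts and ends outside the hunk.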