Ticket #17111: utf8-safe-redirect_to.patch

File utf8-safe-redirect_to.patch, 2.5 KB (added by Chris Adams, 12 years ago)
  • django/views/generic/simple.py

    From f355d09cf6486a5b06a5d2bd7327f4f3a6e5c311 Mon Sep 17 00:00:00 2001
    From: Chris Adams <chris@improbable.org>
    Date: Tue, 25 Oct 2011 17:42:33 -0400
    Subject: [PATCH] generic views: redirect_to should not interpolate query
     string content (see #17111)
    
    Now redirect_to will not include the query string value until after performing
    string interpolation to avoid an exception with data containing valid Python
    string formatting sequences (e.g. UTF-8 escaped values such as "hist%C3%B3ria").
    ---
     django/views/generic/simple.py                     |   10 +++++++---
     .../regressiontests/views/tests/generic/simple.py  |    6 ++++++
     2 files changed, 13 insertions(+), 3 deletions(-)
    
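diff --git a/django/views/generic/simple.py b/django/views/generic/simple.py
index 0e1e6b0..c3cf407 100644
--- a/django/views/generic/simple.py
+++ b/django/views/generic/simple.py
@@ -49,12 +49,16 @@ def redirect_to(request, url, permanent=True, query_string=False, **kwargs):
 
     """
     args = request.META.get('QUERY_STRING', '')
-    if args and query_string and url is not None:
-        url = "%s?%s" % (url, args)
 
     if url is not None:
+        if kwargs:
+            url = url % kwargs
+
+        if args and query_string:
+            url = "%s?%s" % (url, args)
+
         klass = permanent and HttpResponsePermanentRedirect or HttpResponseRedirect
-        return klass(url % kwargs)
+        return klass(url)
     else:
         logger.warning('Gone: %s' % request.path,
                     extra={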
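Review bot: The new `if kwargs:` guard skips interpolation entirely when no keyword arguments were captured, which the removed `return klass(url % kwargs)` never did, so a configured `url` that writes a literal percent sign as `%%` would now reach the Location header with both characters intact. Keeping `url = url % kwargs` unconditional would preserve the old handling of the URLconf-supplied template. The client-supplied QUERY_STRING would still be appended only after formatting, which is what keeps request data out of the format operation. A short comment above the append, such as `# QUERY_STRING is client-controlled: append it after interpolation, never before`, would stop a later refactor from merging the two steps again. The body of redirect_to starts before this hunk and continues after it.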
  • tests/regressiontests/views/tests/generic/simple.py

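diff --git a/tests/regressiontests/views/tests/generic/simple.py b/tests/regressiontests/views/tests/generic/simple.py
index be54af9..ed51b3d 100644
--- a/tests/regressiontests/views/tests/generic/simple.py
+++ b/tests/regressiontests/views/tests/generic/simple.py
@@ -48,6 +48,12 @@ class RedirectToTest(TestCase):
         self.assertEqual(response.status_code, 301)
         self.assertEqual('http://testserver/simple/target/?param1=foo&param2=bar', response['Location'])
 
+        # Confirm that the contents of the query string are not subject to
+        # string interpolation:
+        response = self.client.get('/simple/redirect_to_query/?param1=foo&param2=hist%C3%B3ria')
+        self.assertEqual(response.status_code, 301)
+        self.assertEqual('http://testserver/simple/target/?param1=foo&param2=hist%C3%B3ria', response['Location'])
+
     def test_redirect_to_when_meta_contains_no_query_string(self):
         "regression for #16705"
         # we can't use self.client.get because it always sets QUERY_STRING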
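Review bot: The added assertions exercise only `%C3`, which Python rejects as an unsupported conversion, so they do not pin the case where the query string contains a well-formed named placeholder that would be looked up in kwargs. A second request such as `response = self.client.get('/simple/redirect_to_query/?param1=%(param2)s')` (constructed sample), with an `assertEqual` that the Location header carries that query string unchanged, would cover it. Whether the test client forwards such a query string verbatim should be confirmed first. The test method these lines extend begins above the hunk, so its name and setup are not visible here.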