Context Navigation

← Previous Ticket
Next Ticket →

#12445 closed (fixed)

iri_to_uri undesirably converts ~ to %7E

Reported by:	jille@…	Owned by:	nobody
Component:	HTTP handling	Version:	dev
Severity:		Keywords:	iri_to_uri redirect tilde userdir
Cc:		Triage Stage:	Unreviewed
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

At the moment it is not possible to redirect to so-called user-dirs (e.g. http://host/~username/); because HttpResponseRedirect uses iri_to_uri, which does:

  return urllib.quote(smart_str(iri), safe='/#%[]=:;$&()+,!?*')

By adding ~ to the list of 'safe characters' my problem goes away.

My apologies if I ain't clear enough.

Attachments (2)

django-iri_to_uri.patch (468 bytes ) - added by jille@… 15 years ago.: Proposed patch
12445.diff (1.2 KB ) - added by Gary Wilson 15 years ago.

Download all attachments as: .zip

Change History (9)

by jille@…, 15 years ago

Attachment:	django-iri_to_uri.patch added

Proposed patch

comment:1 by James Bennett, 15 years ago

Resolution:	→ invalid
Status:	new → closed

Per RFC 3986, /~username/ and /%7Eusername/ are equivalent, and two otherwise-equivalent URIs which differ only in whether they encode the tilde identify the same resource. Additionally, RFC 1738 declares the tilde "unsafe" and states that it must always be encoded within a URL. Thus, as far as I can tell, iri_to_uri is behaving correctly.

comment:2 by jille@…, 15 years ago

Section 2.3 of RFC 3986 states:

  URIs that differ in the replacement of an unreserved character with
   its corresponding percent-encoded US-ASCII octet are equivalent: they
   identify the same resource.

and

  For consistency, percent-encoded octets in the ranges of ALPHA
   (%41-%5A and %61-%7A), DIGIT (%30-%39), hyphen (%2D), period (%2E),
   underscore (%5F), or tilde (%7E) should not be created by URI
   producers

So, Django should not do it; however lighttpd (in my case) should accept it.
I'll file this as an lighttpd bug.

comment:3 by jille@…, 15 years ago

FTR: Filed as http://redmine.lighttpd.net/issues/2124

comment:4 by Luke Plant, 15 years ago

Resolution:	invalid
Status:	closed → reopened

RFC 3986 obsoletes 1738, so we have to go with 3986 here, especially as it specifically addresses the issue of tilde, noting (in section 2.4) that older implementations might produce %7E, and says that URI producers should not be producing %7E (section 2.3), as jille@… noted above. So I'm re-opening.

comment:5 by Gary Wilson, 15 years ago

django-dev discussion: http://groups.google.com/group/django-developers/t/281127e5c4aeef9d

by Gary Wilson, 15 years ago

Attachment:	12445.diff added

comment:6 by Gary Wilson, 15 years ago

Resolution:	→ fixed
Status:	reopened → closed

(In [12066]) Fixed #12445 -- Added ' (single quote), @ (at sign), and ~ (tilde) to safe characters in iri_to_uri function.

comment:7 by Gary Wilson, 15 years ago

(In [12067]) [1.1.X] Fixed #12445 -- Added ' (single quote), @ (at sign), and ~ (tilde) to safe characters in iri_to_uri function.

Backport of r12066 from trunk.

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues