Context Navigation

← Previous Ticket
Next Ticket →

#12445 closed (fixed)

iri_to_uri undesirably converts ~ to %7E

Reported by:	jille@…	Owned by:	nobody
Component:	HTTP handling	Version:	dev
Severity:		Keywords:	iri_to_uri redirect tilde userdir
Cc:		Triage Stage:	Unreviewed
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

At the moment it is not possible to redirect to so-called user-dirs (e.g. http://host/~username/); because HttpResponseRedirect uses iri_to_uri, which does:

  return urllib.quote(smart_str(iri), safe='/#%[]=:;$&()+,!?*')

By adding ~ to the list of 'safe characters' my problem goes away.

My apologies if I ain't clear enough.

Attachments (2)

django-iri_to_uri.patch (468 bytes) - added by jille@… 13 years ago.: Proposed patch
12445.diff (1.2 KB) - added by Gary Wilson 13 years ago.

Download all attachments as: .zip

Change History (9)

Changed 13 years ago by jille@…

Attachment:	django-iri_to_uri.patch added

Proposed patch

comment:1 Changed 13 years ago by James Bennett

Resolution:	→ invalid
Status:	new → closed

Per RFC 3986, /~username/ and /%7Eusername/ are equivalent, and two otherwise-equivalent URIs which differ only in whether they encode the tilde identify the same resource. Additionally, RFC 1738 declares the tilde "unsafe" and states that it must always be encoded within a URL. Thus, as far as I can tell, iri_to_uri is behaving correctly.

comment:2 Changed 13 years ago by jille@…

Section 2.3 of RFC 3986 states:

  URIs that differ in the replacement of an unreserved character with
   its corresponding percent-encoded US-ASCII octet are equivalent: they
   identify the same resource.

and

  For consistency, percent-encoded octets in the ranges of ALPHA
   (%41-%5A and %61-%7A), DIGIT (%30-%39), hyphen (%2D), period (%2E),
   underscore (%5F), or tilde (%7E) should not be created by URI
   producers

So, Django should not do it; however lighttpd (in my case) should accept it.
I'll file this as an lighttpd bug.

comment:3 Changed 13 years ago by jille@…

FTR: Filed as http://redmine.lighttpd.net/issues/2124

comment:4 Changed 13 years ago by Luke Plant

Resolution:	invalid
Status:	closed → reopened

RFC 3986 obsoletes 1738, so we have to go with 3986 here, especially as it specifically addresses the issue of tilde, noting (in section 2.4) that older implementations might produce %7E, and says that URI producers should not be producing %7E (section 2.3), as jille@… noted above. So I'm re-opening.

comment:5 Changed 13 years ago by Gary Wilson

django-dev discussion: http://groups.google.com/group/django-developers/t/281127e5c4aeef9d

Changed 13 years ago by Gary Wilson

Attachment:	12445.diff added

comment:6 Changed 13 years ago by Gary Wilson

Resolution:	→ fixed
Status:	reopened → closed

(In [12066]) Fixed #12445 -- Added ' (single quote), @ (at sign), and ~ (tilde) to safe characters in iri_to_uri function.

comment:7 Changed 13 years ago by Gary Wilson

(In [12067]) [1.1.X] Fixed #12445 -- Added ' (single quote), @ (at sign), and ~ (tilde) to safe characters in iri_to_uri function.

Backport of r12066 from trunk.

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues