Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#12445 closed (fixed)

iri_to_uri undesirably converts ~ to %7E

Reported by: jille@…
Owned by: nobody
Component: HTTP handling
Version: dev
Severity:
Keywords: iri_to_uri redirect tilde userdir
Cc:
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no


At the moment it is not possible to redirect to so-called user-dirs (e.g. http://host/~username/), because HttpResponseRedirect uses iri_to_uri, which does:

  return urllib.quote(smart_str(iri), safe='/#%[]=:;$&()+,!?*')

By adding ~ to the list of 'safe characters' my problem goes away.

My apologies if I ain't clear enough.

Attachments (2)

django-iri_to_uri.patch (468 bytes) - added by jille@… 13 years ago.
Proposed patch
12445.diff (1.2 KB) - added by Gary Wilson 13 years ago.


Change History (9)

Changed 13 years ago by jille@…

Attachment: django-iri_to_uri.patch added

Proposed patch

comment:1 Changed 13 years ago by James Bennett

Resolution: invalid
Status: new → closed

Per RFC 3986, /~username/ and /%7Eusername/ are equivalent, and two otherwise-equivalent URIs which differ only in whether they encode the tilde identify the same resource. Additionally, RFC 1738 declares the tilde "unsafe" and states that it must always be encoded within a URL. Thus, as far as I can tell, iri_to_uri is behaving correctly.

comment:2 Changed 13 years ago by jille@…

Section 2.3 of RFC 3986 states:

  URIs that differ in the replacement of an unreserved character with
  its corresponding percent-encoded US-ASCII octet are equivalent: they
  identify the same resource.

  For consistency, percent-encoded octets in the ranges of ALPHA
  (%41-%5A and %61-%7A), DIGIT (%30-%39), hyphen (%2D), period (%2E),
  underscore (%5F), or tilde (%7E) should not be created by URI

So, Django should not do it; however lighttpd (in my case) should accept it.
I'll file this as a lighttpd bug.

comment:4 Changed 13 years ago by Luke Plant

Resolution: invalid
Status: closed → reopened

RFC 3986 obsoletes 1738, so we have to go with 3986 here, especially as it specifically addresses the issue of tilde, noting (in section 2.4) that older implementations might produce %7E, and says that URI producers should not be producing %7E (section 2.3), as jille@… noted above. So I'm re-opening.

Changed 13 years ago by Gary Wilson

Attachment: 12445.diff added

comment:6 Changed 13 years ago by Gary Wilson

Resolution: fixed
Status: reopened → closed

(In [12066]) Fixed #12445 -- Added ' (single quote), @ (at sign), and ~ (tilde) to safe characters in iri_to_uri function.

comment:7 Changed 13 years ago by Gary Wilson

(In [12067]) [1.1.X] Fixed #12445 -- Added ' (single quote), @ (at sign), and ~ (tilde) to safe characters in iri_to_uri function.

Backport of r12066 from trunk.
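
The behaviour discussed in this ticket, as an added example that is not part of the ticket or of Django's code: it encodes the ticket's sample URL with the old and the extended safe list, then compares the two results under the RFC 3986 section 2.3 equivalence rule quoted in comment:2. Assumptions: `percent_encode` is a hypothetical stand-in for Python 2's `urllib.quote` (Python 3.7+ `urllib.parse.quote` never escapes `~`), the ordering of `NEW_SAFE` is made up, and `normalize_unreserved` / `same_resource` are hypothetical helper names.

```python
import re
import string

# Characters Python 2's urllib.quote never escaped (letters, digits, "_.-").
ALWAYS_SAFE = set(string.ascii_letters + string.digits + "_.-")
# RFC 3986 section 2.3 unreserved set: the above plus tilde.
UNRESERVED = ALWAYS_SAFE | {"~"}

OLD_SAFE = "/#%[]=:;$&()+,!?*"   # safe list quoted in the ticket
NEW_SAFE = OLD_SAFE + "'@~"      # characters named in the fix; ordering is assumed


def percent_encode(iri, safe):
    """Percent-encode the UTF-8 bytes of iri, leaving ALWAYS_SAFE and safe alone."""
    keep = ALWAYS_SAFE | set(safe)
    out = []
    for byte in iri.encode("utf-8"):
        ch = chr(byte)
        out.append(ch if byte < 128 and ch in keep else "%%%02X" % byte)
    return "".join(out)


_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def normalize_unreserved(uri):
    """Decode escapes of unreserved characters only; uppercase the other escapes."""
    def fix(match):
        ch = chr(int(match.group(1), 16))
        return ch if ch in UNRESERVED else "%" + match.group(1).upper()
    return _ESCAPE.sub(fix, uri)


def same_resource(a, b):
    """True when two URIs differ only in how unreserved characters are escaped."""
    return normalize_unreserved(a) == normalize_unreserved(b)


if __name__ == "__main__":
    target = "http://host/~username/"  # sample URL from the ticket description
    old, new = percent_encode(target, OLD_SAFE), percent_encode(target, NEW_SAFE)
    print(old, new, same_resource(old, new))
```

A server or filter that compares paths byte-for-byte instead of normalizing first will treat the two forms as different resources, which is the lighttpd symptom the reporter describes.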
