Opened 9 years ago

Closed 9 years ago

#25572 closed Bug (duplicate)

APPEND_SLASH (and others) sometimes redirect to invalid URL by encoding the entire URI

Reported by: Amine Haddad
Owned by: nobody
Component: Core (URLs)
Version: 1.8
Severity: Normal
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

When APPEND_SLASH is True (default), the request for "/test/+123?foo=+123" redirects to "/test/%2B123/?foo=%2B123" instead of "/test/+123/?foo=%2B123".

Sources:
http://stackoverflow.com/a/332897 (the "+" should not be encoded in escape or encodeURI)
https://github.com/django/django/blob/master/django/http/request.py#L122
https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
https://www.ietf.org/rfc/rfc2396.txt "Likewise, a URI must be separated into its components before the escaped characters within those components can be safely decoded."

Sample urls.py line that redirects to the invalid "/test/%2B123/" when a slash is missing:

url(r'^test/(?P<foobar>\+[0-9]+)/$', 'test', name='test')

Solution: It should redirect to: /test/+123/?... instead of /test/%2B123/?...
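
The component-by-component encoding that the RFC 2396 quote above calls for, as an added example that is not part of the ticket or of Django's code: the path is escaped with a path-specific safe set so "+" stays literal, and the query string is appended as received. `PATH_SAFE`, `encode_path`, `append_slash_target` and `form_value` are hypothetical names, and the sample inputs are constructed.

```python
from urllib.parse import parse_qsl, quote

# Characters RFC 3986 permits unescaped in a path segment (sub-delims, ":" and
# "@"), plus "/" as the separator. Assumption of this example, not Django's list.
PATH_SAFE = "/:@!$&'()*+,;="


def encode_path(decoded_path, safe=PATH_SAFE):
    """Percent-encode a decoded path using path rules only."""
    return quote(decoded_path, safe=safe)


def append_slash_target(decoded_path, raw_query="", safe=PATH_SAFE):
    """Build the redirect target for a path that is missing its trailing slash.

    The path is encoded on its own; the raw query string is appended as
    received, so neither component is escaped with the other's rules.
    """
    target = encode_path(decoded_path + "/", safe)
    return target + "?" + raw_query if raw_query else target


def form_value(raw_query, key):
    """Decode one query parameter the way HTML form decoding does."""
    return dict(parse_qsl(raw_query))[key]


if __name__ == "__main__":
    # Constructed inputs modelled on the ticket's URL.
    print(append_slash_target("/test/+123", "foo=%2B123"))
    # Escaping everything except "/" reproduces the reported "%2B" in the path.
    print(append_slash_target("/test/+123", "foo=%2B123", safe="/"))
    # Characters that would change the URL's structure are still escaped.
    print(encode_path("/a b/c?d#e%"))
    print(repr(form_value("foo=+123", "foo")), repr(form_value("foo=%2B123", "foo")))
```

In a form-encoded query, "+" decodes to a space and "%2B" to a plus sign, which is why the path and the query cannot share one escaping rule.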

Change History (1)

comment:1 by Claude Paroz, 9 years ago

Resolution: duplicate
Status: new → closed

I couldn't reproduce on master, and it was apparently fixed in [9128762f1608f9633005f16c95270058a50ada2b] (#19910).
