Opened 9 years ago

Closed 9 years ago

#26466 closed Bug (fixed)

set_language with next unset and a urlencoded HTTP_REFERER fails redirection

Reported by: Miikka Salminen Owned by: Miikka Salminen
Component: Internationalization Version: 1.9
Severity: Normal Keywords: set_language
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Miikka Salminen)

POSTing to set_language when next is not set causes Django to use HTTP_REFERER instead. If the URL in HTTP_REFERER is urlencoded, the resulting redirection will fail.

The bug is caused by the call to translate_url function in set_language. translate_url passes the URL on to reverse, which assumes URLs that are not urlencoded, thus resulting in a double urlencoded URL, which obviously will not work. Non-urlencoded URLs in HTTP_REFERER work correctly.

An easy way to test this is to have a view with a URL with unicode characters in it and use the translation selector widget provided in the i18n docs, but with the redirect_to context variable undefined – basically the way I found this bug.

AFAIK there's no standard about whether the browser should encode the URL in HTTP_REFERER, but most of the new browsers do so anyway. The bug should be easy to fix, thus, by just decoding the string in HTTP_REFERER – if it was encoded, it will now be unencoded, if it was not encoded, it will be unchanged (disregarding a corner case of ambiguous URLs with substrings like %C3%A4 verbatim with browsers that don't encode the URLs). I'll make a pull request within a few days.

Change History (6)

comment:1 by Miikka Salminen, 9 years ago

Owner: changed from nobody to Miikka Salminen
Status: newassigned

comment:2 by Tim Graham, 9 years ago

Triage Stage: UnreviewedAccepted

comment:3 by Miikka Salminen, 9 years ago

Description: modified (diff)

comment:4 by Miikka Salminen, 9 years ago

Has patch: set

I have created a fix for the bug and a regression test for the fix: PR

Last edited 9 years ago by Tim Graham (previous) (diff)

comment:5 by Miikka Salminen, 9 years ago

Django's own urlunquote had to be used here instead of Python's unquote – the latter caused unicode problems on Py2 test suite. Anyway, the patch has been updated and everything should work now.

comment:6 by Tim Graham <timograham@…>, 9 years ago

Resolution: fixed
Status: assignedclosed

In 9e3f1417:

Fixed #26466 -- Added HTTP_REFERER decoding to i18n set_language() view.

Note: See TracTickets for help on using tickets.
Back to Top