Opened 8 years ago
Last modified 8 years ago
#26466 closed Bug
set_language with next unset and a urlencoded HTTP_REFERER fails redirection — at Version 3
| Reported by: | Miikka Salminen | Owned by: | Miikka Salminen |
|---|---|---|---|
| Component: | Internationalization | Version: | 1.9 |
| Severity: | Normal | Keywords: | set_language |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
POSTing to set_language when next is not set causes Django to use HTTP_REFERER instead. If the URL in HTTP_REFERER is urlencoded, the resulting redirection will fail.
The bug is caused by the call to translate_url function in set_language. translate_url passes the URL on to reverse, which assumes URLs that are not urlencoded, thus resulting in a double urlencoded URL, which obviously will not work. Non-urlencoded URLs in HTTP_REFERER work correctly.
An easy way to test this is to have a view with a URL with unicode characters in it and use the translation selector widget provided in the i18n docs, but with the redirect_to context variable undefined – basically the way I found this bug.
AFAIK there's no standard about whether the browser should encode the URL in HTTP_REFERER, but most of the new browsers do so anyway. The bug should be easy to fix, thus, by just decoding the string in HTTP_REFERER – if it was encoded, it will now be unencoded, if it was not encoded, it will be unchanged (disregarding a corner case of ambiguous URLs with substrings like %C3%A4 verbatim with browsers that don't encode the URLs). I'll make a pull request within a few days.
Change History (3)
comment:1 by , 8 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 8 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:3 by , 8 years ago
| Description: | modified (diff) |
|---|