Opened 9 years ago

Last modified 9 years ago

#26466 closed Bug

set_language with next unset and a urlencoded HTTP_REFERER fails redirection — at Version 3

Reported by: Miikka Salminen Owned by: Miikka Salminen
Component: Internationalization Version: 1.9
Severity: Normal Keywords: set_language
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Miikka Salminen)

POSTing to set_language when next is not set causes Django to use HTTP_REFERER instead. If the URL in HTTP_REFERER is urlencoded, the resulting redirection will fail.

The bug is caused by the call to translate_url function in set_language. translate_url passes the URL on to reverse, which assumes URLs that are not urlencoded, thus resulting in a double urlencoded URL, which obviously will not work. Non-urlencoded URLs in HTTP_REFERER work correctly.

An easy way to test this is to have a view with a URL with unicode characters in it and use the translation selector widget provided in the i18n docs, but with the redirect_to context variable undefined – basically the way I found this bug.

AFAIK there's no standard about whether the browser should encode the URL in HTTP_REFERER, but most of the new browsers do so anyway. The bug should be easy to fix, thus, by just decoding the string in HTTP_REFERER – if it was encoded, it will now be unencoded, if it was not encoded, it will be unchanged (disregarding a corner case of ambiguous URLs with substrings like %C3%A4 verbatim with browsers that don't encode the URLs). I'll make a pull request within a few days.

Change History (3)

comment:1 by Miikka Salminen, 9 years ago

Owner: changed from nobody to Miikka Salminen
Status: newassigned

comment:2 by Tim Graham, 9 years ago

Triage Stage: UnreviewedAccepted

comment:3 by Miikka Salminen, 9 years ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.
Back to Top