Opened 8 years ago
Closed 6 years ago
#28123 closed Bug (wontfix)
django.utils.html.smart_urlquote() is incorrectly parsing the query string
Reported by: | Denis Pechenev | Owned by: | nobody |
---|---|---|---|
Component: | Utilities | Version: | 1.10 |
Severity: | Normal | Keywords: | smart_urlquote python2 |
Cc: | Triage Stage: | Accepted | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Query string like 'search_text=%D0%B4%D0%B6%D0%B8%D0%BD%D1%81%D0%BE%D0%B2%D1%8B%D0%B5+%D0%BA%D1%83%D1%80%D1%82%D0%BA%D0%B8' is already encoded. But smart_urlquote() encodes it again because of incorrect parsing in parse_qsl(). Value should be encoded with ASCII before parsing.
So there should be something like:
query_parts = [(unquote(force_str(q[0])), unquote(force_str(q[1]))) for q in parse_qsl(query.encode('ascii'), keep_blank_values=True)]
https://github.com/django/django/blob/master/django/utils/html.py#L216
Change History (11)
comment:1 by , 8 years ago
Description: | modified (diff) |
---|
comment:2 by , 8 years ago
Type: | Uncategorized → Bug |
---|
comment:5 by , 8 years ago
comment:6 by , 8 years ago
As far as I can tell, Python 3 isn't affected. Since the master branch doesn't support Python 2 and I don't think this issue qualifies for a backport based on our supported versions policy, I think we can close it as wontfix.
comment:7 by , 8 years ago
Component: | Uncategorized → Utilities |
---|---|
Resolution: | → wontfix |
Status: | new → closed |
comment:8 by , 8 years ago
Resolution: | wontfix |
---|---|
Status: | closed → new |
While python3 is great option, I don't think you're right. This bug has also exists in 1.10, 1.11 (LTS) versions which support python2.7.
Moreover it qualifies as data loss/corruption bug.
comment:10 by , 8 years ago
Replying to Tim Graham:
How does it cause data loss?
The bug doesn't cause data loss, but it causes data corruption after applying urlize() filter for strings which contain urls. So urls become broken and there is no way to fix that without forking urlize() or updating application to support python3 or applying some custom code. We have Django 1.10.7 and python 2.7. According the Documentation those versions are compatible.
Could you explain how to fix the bug without updating python to third version? Thank you in advance.
comment:11 by , 8 years ago
Triage Stage: | Unreviewed → Accepted |
---|
Since this is a regression in Django 1.8 due to 4b8a1d2c0d1a8c5107f3aef01597db78d2a2a5ce, we could accept a patch for Django 1.11.
comment:12 by , 6 years ago
Keywords: | python2 added |
---|
comment:13 by , 6 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
It seems a patch for this issue isn't forthcoming.
The is very annoying bug in
smart_urlquote
sinceurlize
(for example) calls it internally and passes unicode as an argument.And there is no way to wrap argument in
str()
(sic!) or at least.encode('ascii')
without forkingurlize
Here's an example to show the issue:
With unicode string resulting URL gets double urlquoted.