Opened 7 years ago

Last modified 7 years ago

#28796 closed Cleanup/optimization

django.utils.http.urlsafe_base64_encode() broken in Django 2.0 — at Version 3

Reported by: Nick Owned by: nobody
Component: Documentation Version: 2.0
Severity: Normal Keywords:
Cc: nathompson7@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Nick)

Suppose we have:

hashed_msg = hmac.new(key, msg=message, digestmod=sha384)
url = urlsafe_base64_encode(hashed.digest())

Now url is a bytes object, say b'asdfwerqwefa'. In django 1.11, bytes-like objects could be placed in urls no problem, creating (say) localhost:8000/asdfwerqwefa

However, in django 2.0, the url becomes (say)

localhost:8000/b'asdfwerqwefa'

which seems less 'urlsafe', as the quotes and the 'b' are added into the url. Shouldn't urlsafe_base64_encode now return a string, if bytes in urls now retain the quotes?

I have created a full project which reproduces the bug here:

https://github.com/NAThompson/urlsafe_bug

To reproduce the bug, type:

$ ./manage.py shell

import reproduce

Change History (3)

comment:1 by Tim Graham, 7 years ago

Component: UncategorizedUtilities
Summary: urlsafe_base64_encode broken on Django 2.0django.utils.http.urlsafe_base64_encode() broken in Django 2.0
Type: UncategorizedBug

Could you please edit the description to include a complete code snippet that reproduces the problem?

Ideally, you could also bisect to find the commit where the behavior changed.

comment:2 by Claude Paroz, 7 years ago

I would be all for making urlsafe_base64_encode return a string, but it would be plainly backwards incompatible, as much existing code is already doing a decode() on the result of this function. See usage in django/contrib/auth/forms.py for example.

comment:3 by Nick, 7 years ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.
Back to Top