Opened 7 years ago

Closed 7 years ago

#6301 closed (fixed)

HttpResponseRedirect should not be escaping the '*' character

Reported by: samidh Owned by: nobody
Component: HTTP handling Version: master
Severity: Keywords: HttpResponseRedirect
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Hello,

It appears the HttpResponseRedirect class is encoding the '*' character within a URL.

I believe this is a violation of RFC 3986.

Solution: The '*' character should be added to the safe-list so that it is not encoded.

Thanks for your time!

Attachments (1)

encoding.diff (415 bytes) - added by Simon Greenhill <dev@…> 7 years ago.

Download all attachments as: .zip

Change History (3)

Changed 7 years ago by Simon Greenhill <dev@…>

comment:1 Changed 7 years ago by Simon Greenhill <dev@…>

  • Has patch set
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Ready for checkin

Yep, according to that RFC, the * should be kept:

reserved    = gen-delims / sub-delims

gen-delims  = ":" / "/" / "?" / "#" / "[" / "]" / "@"

sub-delims  = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="

comment:2 Changed 7 years ago by mtredinnick

  • Resolution set to fixed
  • Status changed from new to closed

(In [7064]) Fixed #6301 -- Added '*' to the characters not converted by iri_to_uri(), as
pointed out by samidh.

Note: See TracTickets for help on using tickets.
Back to Top