Skip to content

Commit

Permalink
Fixed #10491 -- Allowed passing lazy objects to HttpResponseRedirect.
Browse files Browse the repository at this point in the history 
Thanks liangent for the report.
  • Loading branch information
@bmispelon @timgraham
bmispelon authored and timgraham committed Jul 30, 2013
1 parent 75cf5fc commit 3c45fb8
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 3 deletions.
4 changes: 2 additions & 2 deletions django/http/response.py
View file
Expand Up @@ -14,7 +14,7 @@
from django.core.exceptions import DisallowedRedirect from django.core.exceptions import DisallowedRedirect
from django.http.cookie import SimpleCookie from django.http.cookie import SimpleCookie
from django.utils import six, timezone from django.utils import six, timezone
from django.utils.encoding import force_bytes, iri_to_uri from django.utils.encoding import force_bytes, force_text, iri_to_uri
from django.utils.http import cookie_date from django.utils.http import cookie_date
from django.utils.six.moves import map from django.utils.six.moves import map


Expand Down Expand Up @@ -393,7 +393,7 @@ class HttpResponseRedirectBase(HttpResponse):
allowed_schemes = ['http', 'https', 'ftp'] allowed_schemes = ['http', 'https', 'ftp']


def __init__(self, redirect_to, *args, **kwargs): def __init__(self, redirect_to, *args, **kwargs):
parsed = urlparse(redirect_to) parsed = urlparse(force_text(redirect_to))
if parsed.scheme and parsed.scheme not in self.allowed_schemes: if parsed.scheme and parsed.scheme not in self.allowed_schemes:
raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme) raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme)
super(HttpResponseRedirectBase, self).__init__(*args, **kwargs) super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)
Expand Down
14 changes: 13 additions & 1 deletion tests/httpwrappers/tests.py
View file
Expand Up @@ -16,10 +16,13 @@
SimpleCookie, BadHeaderError, SimpleCookie, BadHeaderError,
parse_cookie) parse_cookie)
from django.test import TestCase from django.test import TestCase
from django.utils.encoding import smart_str from django.utils.encoding import smart_str, force_text
from django.utils.functional import lazy
from django.utils._os import upath from django.utils._os import upath
from django.utils import six from django.utils import six


lazystr = lazy(force_text, six.text_type)



class QueryDictTests(unittest.TestCase): class QueryDictTests(unittest.TestCase):
def test_missing_key(self): def test_missing_key(self):
Expand Down Expand Up @@ -366,6 +369,10 @@ def test_iterator_isnt_rewound(self):
self.assertEqual(list(i), [b'abc']) self.assertEqual(list(i), [b'abc'])
self.assertEqual(list(i), []) self.assertEqual(list(i), [])


def test_lazy_content(self):
r = HttpResponse(lazystr('helloworld'))
self.assertEqual(r.content, b'helloworld')

def test_file_interface(self): def test_file_interface(self):
r = HttpResponse() r = HttpResponse()
r.write(b"hello") r.write(b"hello")
Expand Down Expand Up @@ -402,6 +409,11 @@ def test_redirect(self):
# Test that url attribute is right # Test that url attribute is right
self.assertEqual(response.url, response['Location']) self.assertEqual(response.url, response['Location'])


def test_redirect_lazy(self):
"""Make sure HttpResponseRedirect works with lazy strings."""
r = HttpResponseRedirect(lazystr('/redirected/'))
self.assertEqual(r.url, '/redirected/')

def test_not_modified(self): def test_not_modified(self):
response = HttpResponseNotModified() response = HttpResponseNotModified()
self.assertEqual(response.status_code, 304) self.assertEqual(response.status_code, 304)
Expand Down

0 comments on commit 3c45fb8

Please sign in to comment.