Permalink
Browse files

Fixed #3651 -- Changed set_language_view() to require POST request is…

… used, in accordance with the HTTP spec (it changes the user's state). Thanks, Fraser Nevett.

This is a backwards incompatible change for anybody previously using this view.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6177 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 5188a18 commit 99d12c5d7054529fa8a87148cc17ca4f639b620c @malcolmt malcolmt committed Sep 14, 2007
Showing with 13 additions and 7 deletions.
  1. +13 −7 django/views/i18n.py
View
@@ -9,20 +9,26 @@ def set_language(request):
"""
Redirect to a given url while setting the chosen language in the
session or cookie. The url and the language code need to be
- specified in the GET parameters.
+ specified in the request parameters.
+
+ Since this view changes how the user will see the rest of the site, it must
+ only be accessed as a POST request. If called as a GET request, it will
+ redirect to the page in the request (the 'next' parameter) without changing
+ any state.
"""
- lang_code = request.GET.get('language', None)
next = request.GET.get('next', None)
if not next:
next = request.META.get('HTTP_REFERER', None)
if not next:
next = '/'
response = http.HttpResponseRedirect(next)
- if lang_code and check_for_language(lang_code):
- if hasattr(request, 'session'):
- request.session['django_language'] = lang_code
- else:
- response.set_cookie('django_language', lang_code)
+ if request.method == 'POST':
+ lang_code = request.POST.get('language', None)
+ if lang_code and check_for_language(lang_code):
+ if hasattr(request, 'session'):
+ request.session['django_language'] = lang_code
+ else:
+ response.set_cookie('django_language', lang_code)
return response
NullSource = """

0 comments on commit 99d12c5

Please sign in to comment.