Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[1.6.x] Fixed #10491 -- Allowed passing lazy objects to HttpResponseR…

…edirect.

Thanks liangent for the report.

Backport of 3c45fb8 from master
  • Loading branch information...
commit badca4716fee99372ae545eaf6d5521db11348c1 1 parent bf132bc
Baptiste Mispelon bmispelon authored timgraham committed
Showing with 15 additions and 3 deletions.
  1. +2 −2 django/http/response.py
  2. +13 −1 tests/httpwrappers/tests.py
4 django/http/response.py
View
@@ -15,7 +15,7 @@
from django.core.exceptions import DisallowedRedirect
from django.http.cookie import SimpleCookie
from django.utils import six, timezone
-from django.utils.encoding import force_bytes, iri_to_uri
+from django.utils.encoding import force_bytes, force_text, iri_to_uri
from django.utils.http import cookie_date
from django.utils.six.moves import map
@@ -454,7 +454,7 @@ class HttpResponseRedirectBase(HttpResponse):
allowed_schemes = ['http', 'https', 'ftp']
def __init__(self, redirect_to, *args, **kwargs):
- parsed = urlparse(redirect_to)
+ parsed = urlparse(force_text(redirect_to))
if parsed.scheme and parsed.scheme not in self.allowed_schemes:
raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme)
super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)
14 tests/httpwrappers/tests.py
View
@@ -15,11 +15,14 @@
SimpleCookie, BadHeaderError,
parse_cookie)
from django.test import TestCase
-from django.utils.encoding import smart_str
+from django.utils.encoding import smart_str, force_text
+from django.utils.functional import lazy
from django.utils._os import upath
from django.utils import six
from django.utils import unittest
+lazystr = lazy(force_text, six.text_type)
+
class QueryDictTests(unittest.TestCase):
def test_missing_key(self):
@@ -379,6 +382,10 @@ def test_iterator_isnt_rewound(self):
self.assertEqual(list(i), [b'abc'])
self.assertEqual(list(i), [])
+ def test_lazy_content(self):
+ r = HttpResponse(lazystr('helloworld'))
+ self.assertEqual(r.content, b'helloworld')
+
def test_file_interface(self):
r = HttpResponse()
r.write(b"hello")
@@ -415,6 +422,11 @@ def test_redirect(self):
# Test that url attribute is right
self.assertEqual(response.url, response['Location'])
+ def test_redirect_lazy(self):
+ """Make sure HttpResponseRedirect works with lazy strings."""
+ r = HttpResponseRedirect(lazystr('/redirected/'))
+ self.assertEqual(r.url, '/redirected/')
+
def test_not_modified(self):
response = HttpResponseNotModified()
self.assertEqual(response.status_code, 304)
Please sign in to comment.
Something went wrong with that request. Please try again.