Permalink
Browse files

Merge pull request #157 from groovecoder/bug-742451-unicode-next-url

Fix Bug 742451 bad characters in referer
  • Loading branch information...
ubernostrum committed Apr 10, 2012
2 parents fae537f + 37f3964 commit 67dbe678c15d043547afe529e7af9d58683a6a87
Showing with 21 additions and 1 deletion.
  1. +18 −0 apps/users/tests/test_templates.py
  2. +3 −1 apps/users/views.py
@@ -11,9 +11,11 @@
import mock
from nose.tools import eq_
from nose.plugins.attrib import attr
from pyquery import PyQuery as pq
from test_utils import RequestFactory
import constance.config
from dekicompat.tests import (SINGLE_ACCOUNT_FIXTURE_XML,
mock_post_mindtouch_user,
mock_put_mindtouch_user,
@@ -114,6 +116,22 @@ def test_login_next_parameter_all_forms(self):
doc = pq(response.content)
eq_(next, doc('input[name="next"]')[0].attrib['value'])
@attr('latin1char_next')
def test_latin1_characters_in_next_parameter(self):
'''Some pages have bad chars in the url, which can kill clean_next_url.
Test with a bad character in HTTP_REFERER.'''
constance.config.BROWSERID_LOCALES = 'en-us, fr'
next = '/fr/Firefox_pour_les_d\xc3\xa9veloppeurs'
response = self.client.get(urlparams(
reverse('users.browserid_header_signin_html', locale='fr')),
**{'HTTP_REFERER': next,
'ACCEPT_LANGUAGE': 'fr',
})
eq_(200, response.status_code)
doc = pq(response.content)
eq_(unicode(next.decode('latin1', 'ignore')),
doc('input[name="next"]')[0].attrib['value'])
@mock.patch_object(Site.objects, 'get_current')
def test_clean_url(self, get_current):
'''Verify that protocol and domain get removed.'''
View
@@ -610,8 +610,10 @@ def _clean_next_url(request):
url = request.POST.get('next')
elif 'next' in request.GET:
url = request.GET.get('next')
elif 'HTTP_REFERER' in request.META:
url = request.META.get('HTTP_REFERER').decode('latin1', 'ignore')
else:
url = request.META.get('HTTP_REFERER')
url = None
if url:
parsed_url = urlparse.urlparse(url)

0 comments on commit 67dbe67

Please sign in to comment.