Fixed #21458 -- Made check_for_language more resistant to malformed input.
Thanks to Sergey Sorokin for the report and to Bouke Haarsma for the review.
This commit is contained in:
parent
331d79a77d
commit
8f5a688d00
|
@ -44,6 +44,8 @@ accept_language_re = re.compile(r'''
|
||||||
(?:\s*,\s*|$) # Multiple accepts per header.
|
(?:\s*,\s*|$) # Multiple accepts per header.
|
||||||
''', re.VERBOSE)
|
''', re.VERBOSE)
|
||||||
|
|
||||||
|
language_code_re = re.compile(r'^[a-z]{1,8}(?:-[a-z0-9]{1,8})*$', re.IGNORECASE)
|
||||||
|
|
||||||
language_code_prefix_re = re.compile(r'^/([\w-]+)(/|$)')
|
language_code_prefix_re = re.compile(r'^/([\w-]+)(/|$)')
|
||||||
|
|
||||||
# some browsers use deprecated locales. refs #18419
|
# some browsers use deprecated locales. refs #18419
|
||||||
|
@ -393,9 +395,11 @@ def check_for_language(lang_code):
|
||||||
"""
|
"""
|
||||||
Checks whether there is a global language file for the given language
|
Checks whether there is a global language file for the given language
|
||||||
code. This is used to decide whether a user-provided language is
|
code. This is used to decide whether a user-provided language is
|
||||||
available. This is only used for language codes from either the cookies
|
available.
|
||||||
or session and during format localization.
|
|
||||||
"""
|
"""
|
||||||
|
# First, a quick check to make sure lang_code is well-formed (#21458)
|
||||||
|
if not language_code_re.search(lang_code):
|
||||||
|
return False
|
||||||
for path in all_locale_paths():
|
for path in all_locale_paths():
|
||||||
if gettext_module.find('django', path, [to_locale(lang_code)]) is not None:
|
if gettext_module.find('django', path, [to_locale(lang_code)]) is not None:
|
||||||
return True
|
return True
|
||||||
|
|
|
@ -1318,6 +1318,8 @@ class CountrySpecificLanguageTests(TransRealMixin, TestCase):
|
||||||
self.assertTrue(check_for_language('en'))
|
self.assertTrue(check_for_language('en'))
|
||||||
self.assertTrue(check_for_language('en-us'))
|
self.assertTrue(check_for_language('en-us'))
|
||||||
self.assertTrue(check_for_language('en-US'))
|
self.assertTrue(check_for_language('en-US'))
|
||||||
|
self.assertFalse(check_for_language('en-ü'))
|
||||||
|
self.assertFalse(check_for_language('en\x00'))
|
||||||
|
|
||||||
def test_get_language_from_request(self):
|
def test_get_language_from_request(self):
|
||||||
# issue 19919
|
# issue 19919
|
||||||
|
|
Loading…
Reference in New Issue