mirror of https://github.com/django/django.git
Fixed #27606 -- Fixed HttpResponseRedirect.__repr__() crash when DisallowedRedirect is raised.
This commit is contained in:
parent
6af23a4521
commit
a849ec1880
|
@ -420,11 +420,11 @@ class HttpResponseRedirectBase(HttpResponse):
|
|||
allowed_schemes = ['http', 'https', 'ftp']
|
||||
|
||||
def __init__(self, redirect_to, *args, **kwargs):
|
||||
super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)
|
||||
self['Location'] = iri_to_uri(redirect_to)
|
||||
parsed = urlparse(force_text(redirect_to))
|
||||
if parsed.scheme and parsed.scheme not in self.allowed_schemes:
|
||||
raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme)
|
||||
super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)
|
||||
self['Location'] = iri_to_uri(redirect_to)
|
||||
|
||||
url = property(lambda self: self['Location'])
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ import pickle
|
|||
import unittest
|
||||
import uuid
|
||||
|
||||
from django.core.exceptions import SuspiciousOperation
|
||||
from django.core.exceptions import DisallowedRedirect, SuspiciousOperation
|
||||
from django.core.serializers.json import DjangoJSONEncoder
|
||||
from django.core.signals import request_finished
|
||||
from django.db import close_old_connections
|
||||
|
@ -517,6 +517,17 @@ class HttpResponseSubclassesTests(SimpleTestCase):
|
|||
expected = '<HttpResponseRedirect status_code=302, "text/html; charset=utf-8", url="/redirected/">'
|
||||
self.assertEqual(repr(response), expected)
|
||||
|
||||
def test_invalid_redirect_repr(self):
|
||||
"""
|
||||
If HttpResponseRedirect raises DisallowedRedirect, its __repr__()
|
||||
should work (in the debug view, for example).
|
||||
"""
|
||||
response = HttpResponseRedirect.__new__(HttpResponseRedirect)
|
||||
with self.assertRaisesMessage(DisallowedRedirect, "Unsafe redirect to URL with protocol 'ssh'"):
|
||||
HttpResponseRedirect.__init__(response, 'ssh://foo')
|
||||
expected = '<HttpResponseRedirect status_code=302, "text/html; charset=utf-8", url="ssh://foo">'
|
||||
self.assertEqual(repr(response), expected)
|
||||
|
||||
def test_not_modified(self):
|
||||
response = HttpResponseNotModified()
|
||||
self.assertEqual(response.status_code, 304)
|
||||
|
|
Loading…
Reference in New Issue