[1.6.x] Fixed #10491 -- Allowed passing lazy objects to HttpResponseRedirect.

Thanks liangent for the report.

Backport of 3c45fb8589 from master
This commit is contained in:
Baptiste Mispelon 2013-04-20 05:20:01 +02:00 committed by Tim Graham
parent bf132bcb8d
commit badca4716f
2 changed files with 15 additions and 3 deletions

View File

@ -15,7 +15,7 @@ from django.core import signing
from django.core.exceptions import DisallowedRedirect from django.core.exceptions import DisallowedRedirect
from django.http.cookie import SimpleCookie from django.http.cookie import SimpleCookie
from django.utils import six, timezone from django.utils import six, timezone
from django.utils.encoding import force_bytes, iri_to_uri from django.utils.encoding import force_bytes, force_text, iri_to_uri
from django.utils.http import cookie_date from django.utils.http import cookie_date
from django.utils.six.moves import map from django.utils.six.moves import map
@ -454,7 +454,7 @@ class HttpResponseRedirectBase(HttpResponse):
allowed_schemes = ['http', 'https', 'ftp'] allowed_schemes = ['http', 'https', 'ftp']
def __init__(self, redirect_to, *args, **kwargs): def __init__(self, redirect_to, *args, **kwargs):
parsed = urlparse(redirect_to) parsed = urlparse(force_text(redirect_to))
if parsed.scheme and parsed.scheme not in self.allowed_schemes: if parsed.scheme and parsed.scheme not in self.allowed_schemes:
raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme) raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme)
super(HttpResponseRedirectBase, self).__init__(*args, **kwargs) super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)

View File

@ -15,11 +15,14 @@ from django.http import (QueryDict, HttpResponse, HttpResponseRedirect,
SimpleCookie, BadHeaderError, SimpleCookie, BadHeaderError,
parse_cookie) parse_cookie)
from django.test import TestCase from django.test import TestCase
from django.utils.encoding import smart_str from django.utils.encoding import smart_str, force_text
from django.utils.functional import lazy
from django.utils._os import upath from django.utils._os import upath
from django.utils import six from django.utils import six
from django.utils import unittest from django.utils import unittest
lazystr = lazy(force_text, six.text_type)
class QueryDictTests(unittest.TestCase): class QueryDictTests(unittest.TestCase):
def test_missing_key(self): def test_missing_key(self):
@ -379,6 +382,10 @@ class HttpResponseTests(unittest.TestCase):
self.assertEqual(list(i), [b'abc']) self.assertEqual(list(i), [b'abc'])
self.assertEqual(list(i), []) self.assertEqual(list(i), [])
def test_lazy_content(self):
r = HttpResponse(lazystr('helloworld'))
self.assertEqual(r.content, b'helloworld')
def test_file_interface(self): def test_file_interface(self):
r = HttpResponse() r = HttpResponse()
r.write(b"hello") r.write(b"hello")
@ -415,6 +422,11 @@ class HttpResponseSubclassesTests(TestCase):
# Test that url attribute is right # Test that url attribute is right
self.assertEqual(response.url, response['Location']) self.assertEqual(response.url, response['Location'])
def test_redirect_lazy(self):
"""Make sure HttpResponseRedirect works with lazy strings."""
r = HttpResponseRedirect(lazystr('/redirected/'))
self.assertEqual(r.url, '/redirected/')
def test_not_modified(self): def test_not_modified(self):
response = HttpResponseNotModified() response = HttpResponseNotModified()
self.assertEqual(response.status_code, 304) self.assertEqual(response.status_code, 304)