Skip to content

Commit

Permalink
Fixed #27606 -- Fixed HttpResponseRedirect.__repr__() crash when Disa…
Browse files Browse the repository at this point in the history 
…llowedRedirect is raised.
  • Loading branch information
@jleclanche @timgraham
jleclanche authored and timgraham committed Dec 19, 2016
1 parent 6af23a4 commit a849ec1
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 3 deletions.
4 changes: 2 additions & 2 deletions django/http/response.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -420,11 +420,11 @@ class HttpResponseRedirectBase(HttpResponse):
allowed_schemes = ['http', 'https', 'ftp']

def __init__(self, redirect_to, *args, **kwargs):
super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)
self['Location'] = iri_to_uri(redirect_to)
parsed = urlparse(force_text(redirect_to))
if parsed.scheme and parsed.scheme not in self.allowed_schemes:
raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme)
super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)
self['Location'] = iri_to_uri(redirect_to)

url = property(lambda self: self['Location'])

Expand Down
13 changes: 12 additions & 1 deletion tests/httpwrappers/tests.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
import unittest
import uuid

from django.core.exceptions import SuspiciousOperation
from django.core.exceptions import DisallowedRedirect, SuspiciousOperation
from django.core.serializers.json import DjangoJSONEncoder
from django.core.signals import request_finished
from django.db import close_old_connections
Expand Down Expand Up @@ -517,6 +517,17 @@ def test_redirect_repr(self):
expected = '<HttpResponseRedirect status_code=302, "text/html; charset=utf-8", url="/redirected/">'
self.assertEqual(repr(response), expected)

def test_invalid_redirect_repr(self):
"""
If HttpResponseRedirect raises DisallowedRedirect, its __repr__()
should work (in the debug view, for example).
"""
response = HttpResponseRedirect.__new__(HttpResponseRedirect)
with self.assertRaisesMessage(DisallowedRedirect, "Unsafe redirect to URL with protocol 'ssh'"):
HttpResponseRedirect.__init__(response, 'ssh://foo')
expected = '<HttpResponseRedirect status_code=302, "text/html; charset=utf-8", url="ssh://foo">'
self.assertEqual(repr(response), expected)

def test_not_modified(self):
response = HttpResponseNotModified()
self.assertEqual(response.status_code, 304)
Expand Down

0 comments on commit a849ec1

Please sign in to comment.