diff options
| author | Baptiste Mispelon <bmispelon@gmail.com> | 2013-04-20 05:20:01 +0200 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2013-07-30 13:40:18 -0400 |
| commit | badca4716fee99372ae545eaf6d5521db11348c1 (patch) | |
| tree | d1072a8b9295018523ca8ada4c275ff1e61b4e04 /django | |
| parent | bf132bcb8d741a161cd9ff61073ac40e7e873b59 (diff) | |
[1.6.x] Fixed #10491 -- Allowed passing lazy objects to HttpResponseRedirect.
Thanks liangent for the report.
Backport of 3c45fb8589 from master
Diffstat (limited to 'django')
| -rw-r--r-- | django/http/response.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/django/http/response.py b/django/http/response.py index 784f21174e..8d8db2c8b4 100644 --- a/django/http/response.py +++ b/django/http/response.py @@ -15,7 +15,7 @@ from django.core import signing from django.core.exceptions import DisallowedRedirect from django.http.cookie import SimpleCookie from django.utils import six, timezone -from django.utils.encoding import force_bytes, iri_to_uri +from django.utils.encoding import force_bytes, force_text, iri_to_uri from django.utils.http import cookie_date from django.utils.six.moves import map @@ -454,7 +454,7 @@ class HttpResponseRedirectBase(HttpResponse): allowed_schemes = ['http', 'https', 'ftp'] def __init__(self, redirect_to, *args, **kwargs): - parsed = urlparse(redirect_to) + parsed = urlparse(force_text(redirect_to)) if parsed.scheme and parsed.scheme not in self.allowed_schemes: raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme) super(HttpResponseRedirectBase, self).__init__(*args, **kwargs) |
