summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorBaptiste Mispelon <bmispelon@gmail.com>2013-04-20 05:20:01 +0200
committerTim Graham <timograham@gmail.com>2013-07-30 13:40:18 -0400
commitbadca4716fee99372ae545eaf6d5521db11348c1 (patch)
treed1072a8b9295018523ca8ada4c275ff1e61b4e04 /django
parentbf132bcb8d741a161cd9ff61073ac40e7e873b59 (diff)
[1.6.x] Fixed #10491 -- Allowed passing lazy objects to HttpResponseRedirect.
Thanks liangent for the report. Backport of 3c45fb8589 from master
Diffstat (limited to 'django')
-rw-r--r--django/http/response.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/django/http/response.py b/django/http/response.py
index 784f21174e..8d8db2c8b4 100644
--- a/django/http/response.py
+++ b/django/http/response.py
@@ -15,7 +15,7 @@ from django.core import signing
from django.core.exceptions import DisallowedRedirect
from django.http.cookie import SimpleCookie
from django.utils import six, timezone
-from django.utils.encoding import force_bytes, iri_to_uri
+from django.utils.encoding import force_bytes, force_text, iri_to_uri
from django.utils.http import cookie_date
from django.utils.six.moves import map
@@ -454,7 +454,7 @@ class HttpResponseRedirectBase(HttpResponse):
allowed_schemes = ['http', 'https', 'ftp']
def __init__(self, redirect_to, *args, **kwargs):
- parsed = urlparse(redirect_to)
+ parsed = urlparse(force_text(redirect_to))
if parsed.scheme and parsed.scheme not in self.allowed_schemes:
raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme)
super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)