diff options
Diffstat (limited to 'django')
| -rw-r--r-- | django/contrib/admin/options.py | 3 | ||||
| -rw-r--r-- | django/core/cache/utils.py | 4 | ||||
| -rw-r--r-- | django/template/defaultfilters.py | 6 | ||||
| -rw-r--r-- | django/urls/resolvers.py | 5 | ||||
| -rw-r--r-- | django/utils/http.py | 45 | ||||
| -rw-r--r-- | django/views/i18n.py | 5 |
6 files changed, 33 insertions, 35 deletions
diff --git a/django/contrib/admin/options.py b/django/contrib/admin/options.py index ffca8163ec..ec99b67ddf 100644 --- a/django/contrib/admin/options.py +++ b/django/contrib/admin/options.py @@ -3,6 +3,7 @@ import json import operator from collections import OrderedDict from functools import partial, reduce, update_wrapper +from urllib.parse import quote as urlquote from django import forms from django.conf import settings @@ -39,7 +40,7 @@ from django.urls import reverse from django.utils.decorators import method_decorator from django.utils.encoding import force_text from django.utils.html import format_html -from django.utils.http import urlencode, urlquote +from django.utils.http import urlencode from django.utils.safestring import mark_safe from django.utils.text import capfirst, format_lazy, get_text_list from django.utils.translation import ugettext as _, ungettext diff --git a/django/core/cache/utils.py b/django/core/cache/utils.py index 84676b9237..e9e144275f 100644 --- a/django/core/cache/utils.py +++ b/django/core/cache/utils.py @@ -1,7 +1,7 @@ import hashlib +from urllib.parse import quote from django.utils.encoding import force_bytes -from django.utils.http import urlquote TEMPLATE_FRAGMENT_KEY_TEMPLATE = 'template.cache.%s.%s' @@ -9,6 +9,6 @@ TEMPLATE_FRAGMENT_KEY_TEMPLATE = 'template.cache.%s.%s' def make_template_fragment_key(fragment_name, vary_on=None): if vary_on is None: vary_on = () - key = ':'.join(urlquote(var) for var in vary_on) + key = ':'.join(quote(str(var)) for var in vary_on) args = hashlib.md5(force_bytes(key)) return TEMPLATE_FRAGMENT_KEY_TEMPLATE % (fragment_name, args.hexdigest()) diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py index c5080e6024..5a2413d22d 100644 --- a/django/template/defaultfilters.py +++ b/django/template/defaultfilters.py @@ -5,6 +5,7 @@ from decimal import ROUND_HALF_UP, Context, Decimal, InvalidOperation from functools import wraps from operator import itemgetter from pprint import pformat +from urllib.parse import quote from django.utils import formats from django.utils.dateformat import format, time_format @@ -13,7 +14,6 @@ from django.utils.html import ( avoid_wrapping, conditional_escape, escape, escapejs, linebreaks, strip_tags, urlize as _urlize, ) -from django.utils.http import urlquote from django.utils.safestring import SafeData, mark_safe from django.utils.text import ( Truncator, normalize_newlines, phone2numeric, slugify as _slugify, wrap, @@ -318,14 +318,14 @@ def urlencode(value, safe=None): Escapes a value for use in a URL. Takes an optional ``safe`` parameter used to determine the characters which - should not be escaped by Django's ``urlquote`` method. If not provided, the + should not be escaped by Python's quote() function. If not provided, the default safe characters will be used (but an empty string can be provided when *all* characters should be escaped). """ kwargs = {} if safe is not None: kwargs['safe'] = safe - return urlquote(value, **kwargs) + return quote(value, **kwargs) @register.filter(is_safe=True, needs_autoescape=True) diff --git a/django/urls/resolvers.py b/django/urls/resolvers.py index d838e19ceb..e71744ead7 100644 --- a/django/urls/resolvers.py +++ b/django/urls/resolvers.py @@ -9,6 +9,7 @@ import functools import re import threading from importlib import import_module +from urllib.parse import quote from django.conf import settings from django.core.checks import Warning @@ -17,7 +18,7 @@ from django.core.exceptions import ImproperlyConfigured from django.utils.datastructures import MultiValueDict from django.utils.encoding import force_text from django.utils.functional import cached_property -from django.utils.http import RFC3986_SUBDELIMS, urlquote +from django.utils.http import RFC3986_SUBDELIMS from django.utils.regex_helper import normalize from django.utils.translation import get_language @@ -455,7 +456,7 @@ class RegexURLResolver(LocaleRegexProvider): candidate_pat = _prefix.replace('%', '%%') + result if re.search('^%s%s' % (re.escape(_prefix), pattern), candidate_pat % candidate_subs): # safe characters from `pchar` definition of RFC 3986 - url = urlquote(candidate_pat % candidate_subs, safe=RFC3986_SUBDELIMS + str('/~:@')) + url = quote(candidate_pat % candidate_subs, safe=RFC3986_SUBDELIMS + '/~:@') # Don't allow construction of scheme relative urls. if url.startswith('//'): url = '/%%2F%s' % url[2:] diff --git a/django/utils/http.py b/django/utils/http.py index afa7368ee8..7e7b7ab321 100644 --- a/django/utils/http.py +++ b/django/utils/http.py @@ -14,7 +14,7 @@ from urllib.parse import ( from django.core.exceptions import TooManyFieldsSent from django.utils.datastructures import MultiValueDict from django.utils.deprecation import RemovedInDjango21Warning -from django.utils.encoding import force_bytes, force_str, force_text +from django.utils.encoding import force_bytes from django.utils.functional import keep_lazy_text # based on RFC 7232, Appendix C @@ -47,58 +47,53 @@ FIELDS_MATCH = re.compile('[&;]') @keep_lazy_text def urlquote(url, safe='/'): """ - A version of Python's urllib.quote() function that can operate on unicode - strings. The url is first UTF-8 encoded before quoting. The returned string - can safely be used as part of an argument to a subsequent iri_to_uri() call - without double-quoting occurring. + A legacy compatibility wrapper to Python's urllib.parse.quote() function. + (was used for unicode handling on Python 2) """ - return force_text(quote(force_str(url), force_str(safe))) + return quote(url, safe) @keep_lazy_text def urlquote_plus(url, safe=''): """ - A version of Python's urllib.quote_plus() function that can operate on - unicode strings. The url is first UTF-8 encoded before quoting. The - returned string can safely be used as part of an argument to a subsequent - iri_to_uri() call without double-quoting occurring. + A legacy compatibility wrapper to Python's urllib.parse.quote_plus() + function. (was used for unicode handling on Python 2) """ - return force_text(quote_plus(force_str(url), force_str(safe))) + return quote_plus(url, safe) @keep_lazy_text def urlunquote(quoted_url): """ - A wrapper for Python's urllib.unquote() function that can operate on - the result of django.utils.http.urlquote(). + A legacy compatibility wrapper to Python's urllib.parse.unquote() function. + (was used for unicode handling on Python 2) """ - return force_text(unquote(force_str(quoted_url))) + return unquote(quoted_url) @keep_lazy_text def urlunquote_plus(quoted_url): """ - A wrapper for Python's urllib.unquote_plus() function that can operate on - the result of django.utils.http.urlquote_plus(). + A legacy compatibility wrapper to Python's urllib.parse.unquote_plus() + function. (was used for unicode handling on Python 2) """ - return force_text(unquote_plus(force_str(quoted_url))) + return unquote_plus(quoted_url) -def urlencode(query, doseq=0): +def urlencode(query, doseq=False): """ - A version of Python's urllib.urlencode() function that can operate on - unicode strings. The parameters are first cast to UTF-8 encoded strings and - then encoded as per normal. + A version of Python's urllib.parse.urlencode() function that can operate on + MultiValueDict and non-string values. """ if isinstance(query, MultiValueDict): query = query.lists() elif hasattr(query, 'items'): query = query.items() return original_urlencode( - [(force_str(k), - [force_str(i) for i in v] if isinstance(v, (list, tuple)) else force_str(v)) - for k, v in query], - doseq) + [(k, [str(i) for i in v] if isinstance(v, (list, tuple)) else str(v)) + for k, v in query], + doseq + ) def cookie_date(epoch_seconds=None): diff --git a/django/views/i18n.py b/django/views/i18n.py index ada2624795..93a67d2a7e 100644 --- a/django/views/i18n.py +++ b/django/views/i18n.py @@ -1,6 +1,7 @@ import itertools import json import os +from urllib.parse import unquote from django import http from django.apps import apps @@ -9,7 +10,7 @@ from django.template import Context, Engine from django.urls import translate_url from django.utils.encoding import force_text from django.utils.formats import get_format -from django.utils.http import is_safe_url, urlunquote +from django.utils.http import is_safe_url from django.utils.translation import ( LANGUAGE_SESSION_KEY, check_for_language, get_language, ) @@ -35,7 +36,7 @@ def set_language(request): not is_safe_url(url=next, allowed_hosts={request.get_host()}, require_https=request.is_secure())): next = request.META.get('HTTP_REFERER') if next: - next = urlunquote(next) # HTTP_REFERER may be encoded. + next = unquote(next) # HTTP_REFERER may be encoded. if not is_safe_url(url=next, allowed_hosts={request.get_host()}, require_https=request.is_secure()): next = '/' response = http.HttpResponseRedirect(next) if next else http.HttpResponse(status=204) |
