From c548c8d0d1112d2c4bace2eebf73ede35300d842 Mon Sep 17 00:00:00 2001 From: Unai Zalakain Date: Fri, 31 Oct 2014 17:43:34 +0200 Subject: Fixed #18456 -- Added path escaping to HttpRequest.get_full_path(). --- django/http/request.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'django/http/request.py') diff --git a/django/http/request.py b/django/http/request.py index 4b9c7a77d5..486eeb5410 100644 --- a/django/http/request.py +++ b/django/http/request.py @@ -15,7 +15,9 @@ from django.core.files import uploadhandler from django.http.multipartparser import MultiPartParser, MultiPartParserError from django.utils import six from django.utils.datastructures import MultiValueDict, ImmutableList -from django.utils.encoding import force_bytes, force_text, force_str, iri_to_uri +from django.utils.encoding import ( + force_bytes, force_text, force_str, escape_uri_path, iri_to_uri, +) from django.utils.six.moves.urllib.parse import parse_qsl, urlencode, quote, urljoin, urlsplit @@ -98,7 +100,7 @@ class HttpRequest(object): # RFC 3986 requires query string arguments to be in the ASCII range. # Rather than crash if this doesn't happen, we encode defensively. return '%s%s' % ( - self.path, + escape_uri_path(self.path), ('?' + iri_to_uri(self.META.get('QUERY_STRING', ''))) if self.META.get('QUERY_STRING', '') else '' ) -- cgit v1.3