From badca4716fee99372ae545eaf6d5521db11348c1 Mon Sep 17 00:00:00 2001 From: Baptiste Mispelon Date: Sat, 20 Apr 2013 05:20:01 +0200 Subject: [1.6.x] Fixed #10491 -- Allowed passing lazy objects to HttpResponseRedirect. Thanks liangent for the report. Backport of 3c45fb8589 from master --- django/http/response.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'django/http') diff --git a/django/http/response.py b/django/http/response.py index 784f21174e..8d8db2c8b4 100644 --- a/django/http/response.py +++ b/django/http/response.py @@ -15,7 +15,7 @@ from django.core import signing from django.core.exceptions import DisallowedRedirect from django.http.cookie import SimpleCookie from django.utils import six, timezone -from django.utils.encoding import force_bytes, iri_to_uri +from django.utils.encoding import force_bytes, force_text, iri_to_uri from django.utils.http import cookie_date from django.utils.six.moves import map @@ -454,7 +454,7 @@ class HttpResponseRedirectBase(HttpResponse): allowed_schemes = ['http', 'https', 'ftp'] def __init__(self, redirect_to, *args, **kwargs): - parsed = urlparse(redirect_to) + parsed = urlparse(force_text(redirect_to)) if parsed.scheme and parsed.scheme not in self.allowed_schemes: raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme) super(HttpResponseRedirectBase, self).__init__(*args, **kwargs) -- cgit v1.3