diff options
| author | Jerome Leclanche <jerome@leclan.ch> | 2016-12-17 17:34:32 +0200 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-12-19 10:01:03 -0500 |
| commit | a849ec1880e6e9926bd04e298c0ded2611cfb4b3 (patch) | |
| tree | 941f038a22c28d0975fe2bf312266faef7fbc0c3 | |
| parent | 6af23a4521fcf80aec7c5ee3988914423c7dfccd (diff) | |
Fixed #27606 -- Fixed HttpResponseRedirect.__repr__() crash when DisallowedRedirect is raised.
| -rw-r--r-- | django/http/response.py | 4 | ||||
| -rw-r--r-- | tests/httpwrappers/tests.py | 13 |
2 files changed, 14 insertions, 3 deletions
diff --git a/django/http/response.py b/django/http/response.py index 89c1c0a5fd..48b4b525b9 100644 --- a/django/http/response.py +++ b/django/http/response.py @@ -420,11 +420,11 @@ class HttpResponseRedirectBase(HttpResponse): allowed_schemes = ['http', 'https', 'ftp'] def __init__(self, redirect_to, *args, **kwargs): + super(HttpResponseRedirectBase, self).__init__(*args, **kwargs) + self['Location'] = iri_to_uri(redirect_to) parsed = urlparse(force_text(redirect_to)) if parsed.scheme and parsed.scheme not in self.allowed_schemes: raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme) - super(HttpResponseRedirectBase, self).__init__(*args, **kwargs) - self['Location'] = iri_to_uri(redirect_to) url = property(lambda self: self['Location']) diff --git a/tests/httpwrappers/tests.py b/tests/httpwrappers/tests.py index 2cf0e23d63..be136f3bb7 100644 --- a/tests/httpwrappers/tests.py +++ b/tests/httpwrappers/tests.py @@ -8,7 +8,7 @@ import pickle import unittest import uuid -from django.core.exceptions import SuspiciousOperation +from django.core.exceptions import DisallowedRedirect, SuspiciousOperation from django.core.serializers.json import DjangoJSONEncoder from django.core.signals import request_finished from django.db import close_old_connections @@ -517,6 +517,17 @@ class HttpResponseSubclassesTests(SimpleTestCase): expected = '<HttpResponseRedirect status_code=302, "text/html; charset=utf-8", url="/redirected/">' self.assertEqual(repr(response), expected) + def test_invalid_redirect_repr(self): + """ + If HttpResponseRedirect raises DisallowedRedirect, its __repr__() + should work (in the debug view, for example). + """ + response = HttpResponseRedirect.__new__(HttpResponseRedirect) + with self.assertRaisesMessage(DisallowedRedirect, "Unsafe redirect to URL with protocol 'ssh'"): + HttpResponseRedirect.__init__(response, 'ssh://foo') + expected = '<HttpResponseRedirect status_code=302, "text/html; charset=utf-8", url="ssh://foo">' + self.assertEqual(repr(response), expected) + def test_not_modified(self): response = HttpResponseNotModified() self.assertEqual(response.status_code, 304) |