diff options
Diffstat (limited to 'django/utils')
| -rw-r--r-- | django/utils/encoding.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/django/utils/encoding.py b/django/utils/encoding.py index e1ebacef47..c5c4463b1c 100644 --- a/django/utils/encoding.py +++ b/django/utils/encoding.py @@ -229,6 +229,7 @@ def repercent_broken_unicode(path): repercent-encode any octet produced that is not part of a strictly legal UTF-8 octet sequence. """ + changed_parts = [] while True: try: path.decode() @@ -236,9 +237,10 @@ def repercent_broken_unicode(path): # CVE-2019-14235: A recursion shouldn't be used since the exception # handling uses massive amounts of memory repercent = quote(path[e.start:e.end], safe=b"/#%[]=:;$&()+,!?*@'~") - path = path[:e.start] + repercent.encode() + path[e.end:] + changed_parts.append(path[:e.start] + repercent.encode()) + path = path[e.end:] else: - return path + return b"".join(changed_parts) + path def filepath_to_uri(path): |