Context Navigation

← Previous Ticket
Next Ticket →

#32345 closed Bug (fixed)

i18n.set_language unquotes next_url and produces wrong url for url params containing "&" character

Reported by:	Sebastian Kapunkt	Owned by:	Sandro Covo
Component:	Internationalization	Version:	3.1
Severity:	Normal	Keywords:	i18n unquote
Cc:	Johannes Maron	Triage Stage:	Ready for checkin
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	yes	UI/UX:	no

Description (last modified by Johannes Maron)

When changing the language and the current URL parameter include a parameter value with an encoded "&" like

?paramter=some%20%26%20thing

the redirect response from set_langauge is

?paramter=some%20&%20thing

where I would still expect the same URL from as in the beginning.

I've written a Django test that shows this bug:

def test_set_language_url_params():
    from django.test import RequestFactory
    from django.views.i18n import set_language

    rf = RequestFactory()
    request = rf.post("", next="")
    request.META['HTTP_REFERER'] = '/someurl/?paramter=some%20%26%20thing'

    response = set_language(request)
    assert response.url == '/someurl/?paramter=some%20%26%20thing'

Change History (8)

comment:1 by Johannes Maron, 4 years ago

Cc:	Johannes Maron added
Description:	modified (diff)
Easy pickings:	set
Triage Stage:	Unreviewed → Accepted

After some serious digging, the bug was introduced here: https://github.com/django/django/commit/9e3f141701b96b6974b3386f83dc76e70a41377d via #26466.
The problem seems to be, that the URL is not properly parsed. The path and GET attributes needs to be handled differently for that to work.

comment:2 by Johannes Maron, 4 years ago

I can also confirm what Chrome and Firefox both send an encoded path, but they do not "re"-encode the query.

comment:3 by Sandro Covo, 4 years ago

Owner:	changed from nobody to Sandro Covo
Status:	new → assigned

comment:4 by Sandro Covo, 4 years ago

Has patch:	set

I created a pull request with my changes here: https://github.com/django/django/pull/13884

They solve the issue of preserving the encoded & in the URL, but I didn't really see a connection of the testcase from #26466 with the issue that was described there, but maybe this was fixed through another change to reverse or translate_url. I added a quoted & and an unquoted & to the test, so for an url in the form of some%26thing&another%26thing is preserved.

comment:5 by Johannes Maron, 4 years ago

Needs documentation:	set
Needs tests:	set

comment:6 by Johannes Maron, 4 years ago

Needs documentation:	unset
Needs tests:	unset
Triage Stage:	Accepted → Ready for checkin

comment:7 by Mariusz Felisiak <felisiak.mariusz@…>, 4 years ago

Resolution:	→ fixed
Status:	assigned → closed

In 6822aa5c:

Fixed #32345 -- Fixed preserving encoded query strings in set_language() view.

Thanks Johannes Maron for the review.

comment:8 by Mariusz Felisiak <felisiak.mariusz@…>, 4 years ago

In 0a3d93f:

[3.2.x] Fixed #32345 -- Fixed preserving encoded query strings in set_language() view.

Thanks Johannes Maron for the review.

Backport of 6822aa5c6c3fbec7c5393a05e990865ba59fe167 from master

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues