utils: verify next_url without encoding it
This commit is contained in:
parent
45ef1177b7
commit
26ebbb2f9c
|
@ -940,17 +940,21 @@ def good_next_url(request, next_url):
|
|||
return False
|
||||
|
||||
|
||||
def is_ascii(something):
|
||||
try:
|
||||
something.encode('ascii')
|
||||
return True
|
||||
except UnicodeEncodeError:
|
||||
return False
|
||||
|
||||
|
||||
def get_next_url(params, field_name=None):
|
||||
field_name = field_name or REDIRECT_FIELD_NAME
|
||||
'''Extract and decode a next_url field'''
|
||||
field_name = field_name or REDIRECT_FIELD_NAME
|
||||
next_url = params.get(field_name)
|
||||
if not next_url:
|
||||
return None
|
||||
try:
|
||||
next_url = next_url.encode('ascii')
|
||||
except UnicodeEncodeError:
|
||||
return None
|
||||
if not is_valid_url(next_url):
|
||||
if not is_ascii(next_url) or not is_valid_url(next_url):
|
||||
return None
|
||||
return next_url
|
||||
|
||||
|
|
Loading…
Reference in New Issue