utils: verify next_url without encoding it

2019-05-06 15:57:51 +02:00 · 2019-05-06 15:57:51 +02:00 · 26ebbb2f9c
parent 45ef1177b7
commit 26ebbb2f9c
1 changed files with 10 additions and 6 deletions
--- a/src/authentic2/utils/init.py
+++ b/src/authentic2/utils/init.py
@ -940,17 +940,21 @@ def good_next_url(request, next_url):
    return False


+def is_ascii(something):
+    try:
+        something.encode('ascii')
+        return True
+    except UnicodeEncodeError:
+        return False
+
+
 def get_next_url(params, field_name=None):
-    field_name = field_name or REDIRECT_FIELD_NAME
    '''Extract and decode a next_url field'''
+    field_name = field_name or REDIRECT_FIELD_NAME
    next_url = params.get(field_name)
    if not next_url:
        return None
-    try:
-        next_url = next_url.encode('ascii')
-    except UnicodeEncodeError:
-        return None
-    if not is_valid_url(next_url):
+    if not is_ascii(next_url) or not is_valid_url(next_url):
        return None
    return next_url