From bddada5acd1e56a01fba406986d7c92a10e0081b Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Wed, 10 Apr 2019 12:10:34 +0200
Subject: [PATCH] utils: allow string replacement in next parameters (#32140)

The caller must explicitely give the replacement it covers through the
replace argument taking a dictionnary. The dictionnary keys are the
replacement pattern as simple strings, dictionnary values are the
replacement substitution. The replacement substitution is encoded with
urlparse.quote() before replacement.
---
 src/authentic2/utils.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/authentic2/utils.py b/src/authentic2/utils.py
index cd2828fed..616be58f5 100644
--- a/src/authentic2/utils.py
+++ b/src/authentic2/utils.py
@@ -908,6 +908,9 @@ def select_next_url(request, default, field_name=None, include_post=False, repla
     '''Select the first valid next URL'''
     next_url = (include_post and get_next_url(request.POST, field_name=field_name)) or get_next_url(request.GET, field_name=field_name)
     if good_next_url(request, next_url):
+        if replace:
+            for key, value in replace.items():
+                next_url = next_url.replace(key, urlparse.quote(value))
         return next_url
     return default