#12534: django.contrib.auth.views.login refuses to redirect to urls with spaces
-------------------------------------+--------------------------------------
          Reporter:  sharky          |         Owner:  nobody
            Status:  reopened        |     Milestone:        
         Component:  Authentication  |       Version:  1.1   
        Resolution:                  |      Keywords:        
             Stage:  Unreviewed      |     Has_patch:  0     
        Needs_docs:  0               |   Needs_tests:  0     
Needs_better_patch:  0               |  
-------------------------------------+--------------------------------------
Changes (by aaugustin):

  * status:  closed => reopened
  * resolution:  duplicate =>

Comment:

 #11457 handles URLs containing //, but it does not address the main issue
 of this ticket, which is URLs containing spaces.

 The comment explaining the restriction on spaces is unclear:
 {{{
 # Light security check -- make sure redirect_to isn't garbage.
 }}}
 and no better reason was found, see:[[BR]]
 http://code.djangoproject.com/ticket/11457#comment:3 [[BR]]
 http://code.djangoproject.com/ticket/11457#comment:4 [[BR]]

 Could the restriction be either explained or removed?

 To remove it, line 34 of django/contrib/auth/views.py must be changed
 from:
 {{{
     if not redirect_to or ' ' in redirect_to:
 }}}
 to
 {{{
     if not redirect_to:
 }}}

-- 
Ticket URL: <http://code.djangoproject.com/ticket/12534#comment:4>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
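The difference between the two conditions quoted in this comment, as an added example that is not part of the ticket or of Django's code: it assumes off-site targets are rejected by a separate host check (the hypothetical `is_offsite`), and `FALLBACK`, `resolve`, the host name and the sample URLs are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical names throughout; this is not Django's implementation.
FALLBACK = "/accounts/profile/"  # stand-in for the default post-login URL


def old_check(redirect_to):
    """Condition quoted in the ticket: reject empty values and any space."""
    return not redirect_to or " " in redirect_to


def proposed_check(redirect_to):
    """Condition after the proposed change: reject empty values only."""
    return not redirect_to


def is_offsite(redirect_to, allowed_host):
    """Assumed separate check: does the target point at another host?"""
    parts = urlsplit(redirect_to.strip())  # parse without surrounding whitespace
    if parts.scheme not in ("", "http", "https"):
        return True
    return bool(parts.netloc) and parts.netloc != allowed_host


def resolve(redirect_to, reject, allowed_host="testserver"):
    """Return the URL the login view would redirect to under `reject`."""
    if reject(redirect_to) or is_offsite(redirect_to, allowed_host):
        return FALLBACK
    return redirect_to


# Constructed sample values for the `next` parameter.
SAMPLES = [
    "",
    "/accounts/profile/",
    "/my page/",
    "/search/?q=two words",
    "//other.example/x",
    "http://other.example/",
    "/view/?next=http://other.example/",
]


def differing(samples):
    """Targets whose outcome changes when the space test is removed."""
    return [s for s in samples
            if resolve(s, old_check) != resolve(s, proposed_check)]


if __name__ == "__main__":
    for target in differing(SAMPLES):
        print(repr(target), "->", resolve(target, proposed_check))
```

On this sample set only the two on-site targets containing a space change outcome; the off-site targets fall back to the default under both conditions because of the host check.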
