[Checkins] SVN: zope.publisher/trunk/ Convert a location, passed to a redirect method of HTTPRequest to string before checking for trusted host redirection.
Dan Korostelev
nadako at gmail.com
Tue Sep 1 09:09:37 EDT 2009
Log message for revision 103444:
Convert a location, passed to a redirect method of HTTPRequest to string before checking for trusted host redirection.
Changed:
U zope.publisher/trunk/CHANGES.txt
U zope.publisher/trunk/src/zope/publisher/http.py
U zope.publisher/trunk/src/zope/publisher/tests/test_http.py
-=-
Modified: zope.publisher/trunk/CHANGES.txt
===================================================================
--- zope.publisher/trunk/CHANGES.txt 2009-09-01 13:09:15 UTC (rev 103443)
+++ zope.publisher/trunk/CHANGES.txt 2009-09-01 13:09:37 UTC (rev 103444)
@@ -4,7 +4,10 @@
3.9.1 (unreleased)
------------------
-- ...
+- Convert a location, passed to a redirect method of HTTPRequest to
+ string before checking for trusted host redirection, because a
+ location object may be some non-string convertable to string, like
+ URLGetter.
3.9.0 (2009-08-27)
------------------
Modified: zope.publisher/trunk/src/zope/publisher/http.py
===================================================================
--- zope.publisher/trunk/src/zope/publisher/http.py 2009-09-01 13:09:15 UTC (rev 103443)
+++ zope.publisher/trunk/src/zope/publisher/http.py 2009-09-01 13:09:37 UTC (rev 103444)
@@ -879,6 +879,11 @@
def redirect(self, location, status=None, trusted=False):
"""Causes a redirection without raising an error"""
+
+ # convert to a string, as the location could be non-string
+ # convertable to string, for example, an URLGetter instance
+ location = str(location)
+
if not trusted:
scheme, target_host, path, query, fragment = (
urlparse.urlsplit(location))
Modified: zope.publisher/trunk/src/zope/publisher/tests/test_http.py
===================================================================
--- zope.publisher/trunk/src/zope/publisher/tests/test_http.py 2009-09-01 13:09:15 UTC (rev 103443)
+++ zope.publisher/trunk/src/zope/publisher/tests/test_http.py 2009-09-01 13:09:37 UTC (rev 103444)
@@ -282,6 +282,11 @@
request.response.redirect('http://foobar.com/explicit', 304)
self.assertEquals(request.response.getStatus(), 304)
+ # test non-string location, like URLGetter
+ request = self._createRequest(env, '')
+ request.response.redirect(request.URL)
+ self.assertEquals(request.response.getStatus(), 303)
+ self.assertEquals(request.response.getHeader('location'), str(request.URL))
def testUntrustedRedirect(self):
# Redirects are by default only allowed to target the same host as the
More information about the checkins
mailing list