Fixed #18659 -- Deprecated request.REQUEST and MergeDict

Thanks Aymeric Augustin for the suggestion.

django/contrib/admin/options.py

@@ -1284,8 +1284,10 @@ class ModelAdmin(BaseModelAdmin):
         context = dict(self.admin_site.each_context(),
             title=_('Add %s') % force_text(opts.verbose_name),
             adminform=adminForm,
-            is_popup=IS_POPUP_VAR in request.REQUEST,
-            to_field=request.REQUEST.get(TO_FIELD_VAR),
+            is_popup=(IS_POPUP_VAR in request.POST or
+                      IS_POPUP_VAR in request.GET),
+            to_field=request.POST.get(TO_FIELD_VAR,
+                                      request.GET.get(TO_FIELD_VAR)),
             media=media,
             inline_admin_formsets=inline_admin_formsets,
             errors=helpers.AdminErrorList(form, formsets),
@@ -1357,8 +1359,10 @@ class ModelAdmin(BaseModelAdmin):
             adminform=adminForm,
             object_id=object_id,
             original=obj,
-            is_popup=IS_POPUP_VAR in request.REQUEST,
-            to_field=request.REQUEST.get(TO_FIELD_VAR),
+            is_popup=(IS_POPUP_VAR in request.POST or
+                      IS_POPUP_VAR in request.GET),
+            to_field=request.POST.get(TO_FIELD_VAR,
+                                      request.GET.get(TO_FIELD_VAR)),
             media=media,
             inline_admin_formsets=inline_admin_formsets,
             errors=helpers.AdminErrorList(form, formsets),

django/contrib/auth/admin.py

@@ -144,7 +144,8 @@ class UserAdmin(admin.ModelAdmin):
             'adminForm': adminForm,
             'form_url': form_url,
             'form': form,
-            'is_popup': IS_POPUP_VAR in request.REQUEST,
+            'is_popup': (IS_POPUP_VAR in request.POST or
+                         IS_POPUP_VAR in request.GET),
             'add': True,
             'change': False,
             'has_delete_permission': False,

django/contrib/auth/tests/test_views.py

@@ -526,7 +526,6 @@ class LoginTest(AuthViewsTestCase):
         req.COOKIES[settings.CSRF_COOKIE_NAME] = token1
         req.method = "POST"
         req.POST = {'username': 'testclient', 'password': password, 'csrfmiddlewaretoken': token1}
-        req.REQUEST = req.POST
 
         # Use POST request to log in
         SessionMiddleware().process_request(req)

django/contrib/auth/views.py

@@ -28,7 +28,8 @@ def login(request, template_name='registration/login.html',
     """
     Displays the login form and handles the login action.
     """
-    redirect_to = request.REQUEST.get(redirect_field_name, '')
+    redirect_to = request.POST.get(redirect_field_name,
+                                   request.GET.get(redirect_field_name, ''))
 
     if request.method == "POST":
         form = authentication_form(request, data=request.POST)
@@ -71,8 +72,10 @@ def logout(request, next_page=None,
     if next_page is not None:
         next_page = resolve_url(next_page)
 
-    if redirect_field_name in request.REQUEST:
-        next_page = request.REQUEST[redirect_field_name]
+    if (redirect_field_name in request.POST or
+            redirect_field_name in request.GET):
+        next_page = request.POST.get(redirect_field_name,
+                                     request.GET.get(redirect_field_name))
         # Security check -- don't allow redirection to a different host.
         if not is_safe_url(url=next_page, host=request.get_host()):
             next_page = request.path

django/core/handlers/wsgi.py

@@ -5,6 +5,7 @@ import logging
 import sys
 from io import BytesIO
 from threading import Lock
+import warnings
 
 from django import http
 from django.conf import settings
@@ -129,6 +130,8 @@ class WSGIRequest(http.HttpRequest):
         return content_type, content_params
 
     def _get_request(self):
+        warnings.warn('`request.REQUEST` is deprecated, use `request.GET` or '
+                      '`request.POST` instead.', PendingDeprecationWarning, 2)
         if not hasattr(self, '_request'):
             self._request = datastructures.MergeDict(self.POST, self.GET)
         return self._request

django/utils/datastructures.py

@@ -12,6 +12,8 @@ class MergeDict(object):
     first occurrence will be used.
     """
     def __init__(self, *dicts):
+        warnings.warn('`MergeDict` is deprecated, use `dict.update()` '
+                      'instead.', PendingDeprecationWarning, 2)
         self.dicts = dicts
 
     def __bool__(self):

django/views/i18n.py

@@ -24,7 +24,7 @@ def set_language(request):
     redirect to the page in the request (the 'next' parameter) without changing
     any state.
     """
-    next = request.REQUEST.get('next')
+    next = request.POST.get('next', request.GET.get('next'))
     if not is_safe_url(url=next, host=request.get_host()):
         next = request.META.get('HTTP_REFERER')
         if not is_safe_url(url=next, host=request.get_host()):