mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-26 07:06:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #21446 -- Allowed not performing redirect in set_language view

Browse Source 
Thanks Claude Paroz and Tim Graham for polishing the patch.
This commit is contained in:
Krzysztof Jurewicz
2016-03-28 19:23:04 +02:00
committed by Claude Paroz
parent 12ba20d83c
commit 940b7fd5cb
4 changed files with 105 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
django/views/i18n.py
View File

@@ -34,17 +34,18 @@ def set_language(request):
any state.
"""
next = request.POST.get('next', request.GET.get('next'))
if not is_safe_url(url=next, host=request.get_host()):
if (next or not request.is_ajax()) and not is_safe_url(url=next, host=request.get_host()):
next = request.META.get('HTTP_REFERER')
if not is_safe_url(url=next, host=request.get_host()):
next = '/'
response = http.HttpResponseRedirect(next)
response = http.HttpResponseRedirect(next) if next else http.HttpResponse(status=204)
if request.method == 'POST':
lang_code = request.POST.get(LANGUAGE_QUERY_PARAMETER)
if lang_code and check_for_language(lang_code):
next_trans = translate_url(next, lang_code)
if next_trans != next:
response = http.HttpResponseRedirect(next_trans)
if next:
next_trans = translate_url(next, lang_code)
if next_trans != next:
response = http.HttpResponseRedirect(next_trans)
if hasattr(request, 'session'):
request.session[LANGUAGE_SESSION_KEY] = lang_code
else: