From 99d12c5d7054529fa8a87148cc17ca4f639b620c Mon Sep 17 00:00:00 2001
From: Malcolm Tredinnick <malcolm.tredinnick@gmail.com>
Date: Fri, 14 Sep 2007 07:33:45 +0000
Subject: [PATCH] Fixed #3651 -- Changed set_language_view() to require POST
 request is used, in accordance with the HTTP spec (it changes the user's
 state). Thanks, Fraser Nevett.

This is a backwards incompatible change for anybody previously using this view.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6177 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/views/i18n.py | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/django/views/i18n.py b/django/views/i18n.py
index 320caf37d7..5b50f75d23 100644
--- a/django/views/i18n.py
+++ b/django/views/i18n.py
@@ -9,20 +9,26 @@ def set_language(request):
     """
     Redirect to a given url while setting the chosen language in the
     session or cookie. The url and the language code need to be
-    specified in the GET parameters.
+    specified in the request parameters.
+
+    Since this view changes how the user will see the rest of the site, it must
+    only be accessed as a POST request. If called as a GET request, it will
+    redirect to the page in the request (the 'next' parameter) without changing
+    any state.
     """
-    lang_code = request.GET.get('language', None)
     next = request.GET.get('next', None)
     if not next:
         next = request.META.get('HTTP_REFERER', None)
     if not next:
         next = '/'
     response = http.HttpResponseRedirect(next)
-    if lang_code and check_for_language(lang_code):
-        if hasattr(request, 'session'):
-            request.session['django_language'] = lang_code
-        else:
-            response.set_cookie('django_language', lang_code)
+    if request.method == 'POST':
+        lang_code = request.POST.get('language', None)
+        if lang_code and check_for_language(lang_code):
+            if hasattr(request, 'session'):
+                request.session['django_language'] = lang_code
+            else:
+                response.set_cookie('django_language', lang_code)
     return response
 
 NullSource = """
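Review bot: `next` is taken from the query string or the `Referer` header and passed to `http.HttpResponseRedirect(next)` with no check, so the view will redirect to whatever absolute URL the request names, and the new docstring now documents that behaviour for GET requests. Accept `next` only when it is a path on this site (or, for the Referer fallback, when its host matches the request's host) and otherwise fall back to `'/'`; for the query-string value a guard along the lines of `if not next.startswith('/') or next.startswith('//'): next = '/'` before the response is built would cover the basic case (constructed example, to be adapted and extended). Separately, `next` is still read from `request.GET` only while `language` now comes from `request.POST`, so a form that posts both fields loses its `next`; either look in `request.POST` first or have the docstring say which parameter is read from where instead of "request parameters". The `def set_language` line itself is outside the hunk.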