mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #26466 -- Added HTTP_REFERER decoding to i18n set_language() view.

Browse Source
This commit is contained in:
Miikka Salminen
2016-04-06 17:11:23 +03:00
committed by Tim Graham
parent f8bbba8060
commit 9e3f141701
4 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
django/views/i18n.py
View File

@@ -12,7 +12,7 @@ from django.utils import six
from django.utils._os import upath
from django.utils.encoding import smart_text
from django.utils.formats import get_format, get_format_modules
from django.utils.http import is_safe_url
from django.utils.http import is_safe_url, urlunquote
from django.utils.translation import (
LANGUAGE_SESSION_KEY, check_for_language, get_language, to_locale,
)
@@ -36,6 +36,8 @@ def set_language(request):
next = request.POST.get('next', request.GET.get('next'))
if (next or not request.is_ajax()) and not is_safe_url(url=next, host=request.get_host()):
next = request.META.get('HTTP_REFERER')
if next:
next = urlunquote(next) # HTTP_REFERER may be encoded.
if not is_safe_url(url=next, host=request.get_host()):
next = '/'
response = http.HttpResponseRedirect(next) if next else http.HttpResponse(status=204)