fix redirect with quoted param

This commit is contained in:
Yun Xu 2018-10-15 21:53:11 -07:00
parent 34e51f01d1
commit 277c2ce2d2
2 changed files with 25 additions and 1 deletions

View File

@ -421,7 +421,7 @@ def redirect(
headers = headers or {}
# URL Quote the URL before redirecting
safe_to = quote_plus(to, safe=":/#?&=@[]!$&'()*+,;")
safe_to = quote_plus(to, safe=":/%#?&=@[]!$&'()*+,;")
# According to RFC 7231, a relative URI is now permitted.
headers["Location"] = safe_to

View File

@ -1,4 +1,6 @@
import pytest
import json
from urllib.parse import quote
from sanic.response import text, redirect
@ -107,3 +109,25 @@ def test_redirect_with_header_injection(redirect_app):
assert response.status == 302
assert "test-header" not in response.headers
assert not response.text.startswith('test-body')
@pytest.mark.parametrize("test_str", ["sanic-test", "sanictest", "sanic test"])
async def test_redirect_with_params(app, test_client, test_str):
@app.route("/api/v1/test/<test>/")
async def init_handler(request, test):
assert test == test_str
return redirect("/api/v2/test/{}/".format(quote(test)))
@app.route("/api/v2/test/<test>/")
async def target_handler(request, test):
assert test == test_str
return text("OK")
test_cli = await test_client(app)
response = await test_cli.get("/api/v1/test/{}/".format(quote(test_str)))
assert response.status == 200
txt = await response.text()
assert txt == "OK"