Merge pull request #1368 from yunstanford/fix-redirect
Add '%' to quote_plus's `safe` parameter in response.redirect
		| @@ -421,7 +421,7 @@ def redirect( | ||||
|     headers = headers or {} | ||||
|  | ||||
|     # URL Quote the URL before redirecting | ||||
|     safe_to = quote_plus(to, safe=":/#?&=@[]!$&'()*+,;") | ||||
|     safe_to = quote_plus(to, safe=":/%#?&=@[]!$&'()*+,;") | ||||
|  | ||||
|     # According to RFC 7231, a relative URI is now permitted. | ||||
|     headers["Location"] = safe_to | ||||
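Review bot: With `%` in the `safe` set on the new `quote_plus` line, a percent sign in `to` is never escaped, so a caller passing an unencoded value with a literal `%` now gets it copied into the Location header as-is, where it may form a malformed escape or decode differently at the client. The comment above the call still says only that the URL is quoted; it should state the new contract, e.g. `# '%' is kept as-is so already-encoded input is not double-encoded; callers must pre-encode a literal '%'`. CR and LF are not in the safe set, so raw line breaks are still percent-encoded here. The `safe` string also lists `&` twice, which is harmless but worth tidying. The body of `redirect` begins and continues outside this hunk.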
|   | ||||
| @@ -1,4 +1,5 @@ | ||||
| import pytest | ||||
| from urllib.parse import quote | ||||
|  | ||||
| from sanic.response import text, redirect | ||||
|  | ||||
| @@ -107,3 +108,25 @@ def test_redirect_with_header_injection(redirect_app): | ||||
|     assert response.status == 302 | ||||
|     assert "test-header" not in response.headers | ||||
|     assert not response.text.startswith('test-body') | ||||
|  | ||||
|  | ||||
| @pytest.mark.parametrize("test_str", ["sanic-test", "sanictest", "sanic test"]) | ||||
| async def test_redirect_with_params(app, test_client, test_str): | ||||
|  | ||||
|     @app.route("/api/v1/test/<test>/") | ||||
|     async def init_handler(request, test): | ||||
|         assert test == test_str | ||||
|         return redirect("/api/v2/test/{}/".format(quote(test))) | ||||
|  | ||||
|     @app.route("/api/v2/test/<test>/") | ||||
|     async def target_handler(request, test): | ||||
|         assert test == test_str | ||||
|         return text("OK") | ||||
|  | ||||
|     test_cli = await test_client(app) | ||||
|  | ||||
|     response = await test_cli.get("/api/v1/test/{}/".format(quote(test_str))) | ||||
|     assert response.status == 200 | ||||
|  | ||||
|     txt = await response.text() | ||||
|     assert txt == "OK" | ||||
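Review bot: The three parametrized values in `test_redirect_with_params` exercise only the space case, so the behaviour that changes with `%` being safe is checked for `%20` alone. Consider adding a value that contains a literal percent sign, e.g. `"sanic%test"`, so that `quote()` yields `%25` and the test shows it is passed through once rather than re-encoded. The test also observes only the final 200 after the client has followed the redirect. Asserting the `Location` value of the intermediate response would pin the header itself, assuming the test client can be told not to follow redirects.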
|   | ||||
	 Eli Uriegas
					Eli Uriegas