Fixed #18456 -- Added path escaping to HttpRequest.get_full_path().

author: Unai Zalakain <unai@gisa-elkartea.org> 2014-10-31 17:43:34 +0200
committer: Tim Graham <timograham@gmail.com> 2014-11-03 07:59:19 -0500
commit: c548c8d0d1112d2c4bace2eebf73ede35300d842 (patch)
tree: a0d8e3089302139c6a24b6262d37ab2eb55fb4c8 /django/http/request.py
parent: d3db878e4beff057400dd780c24f3601a5d31f95 (diff)
download: django-c548c8d0d1112d2c4bace2eebf73ede35300d842.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/django/http/request.py b/django/http/request.py
index 4b9c7a77d5..486eeb5410 100644
--- a/django/http/request.py
+++ b/django/http/request.py
@@ -15,7 +15,9 @@ from django.core.files import uploadhandler
 from django.http.multipartparser import MultiPartParser, MultiPartParserError
 from django.utils import six
 from django.utils.datastructures import MultiValueDict, ImmutableList
-from django.utils.encoding import force_bytes, force_text, force_str, iri_to_uri
+from django.utils.encoding import (
+    force_bytes, force_text, force_str, escape_uri_path, iri_to_uri,
+)
 from django.utils.six.moves.urllib.parse import parse_qsl, urlencode, quote, urljoin, urlsplit
 
 
@@ -98,7 +100,7 @@ class HttpRequest(object):
         # RFC 3986 requires query string arguments to be in the ASCII range.
         # Rather than crash if this doesn't happen, we encode defensively.
         return '%s%s' % (
-            self.path,
+            escape_uri_path(self.path),
             ('?' + iri_to_uri(self.META.get('QUERY_STRING', ''))) if self.META.get('QUERY_STRING', '') else ''
         )
author	Unai Zalakain <unai@gisa-elkartea.org>	2014-10-31 17:43:34 +0200
committer	Tim Graham <timograham@gmail.com>	2014-11-03 07:59:19 -0500
commit	c548c8d0d1112d2c4bace2eebf73ede35300d842 (patch)
tree	a0d8e3089302139c6a24b6262d37ab2eb55fb4c8 /django/http/request.py
parent	d3db878e4beff057400dd780c24f3601a5d31f95 (diff)
download	django-c548c8d0d1112d2c4bace2eebf73ede35300d842.tar.gz