* Fixes a potential redirect loop in ProductDetailView if URL includes certain characters If the URL includes a colon ':' then the ProductDetailView is getting trapped into a redirect loop. * Added test to prove the point --------- Co-authored-by: Martin Darmüntzel <martin@trivialanalog.de>

2 years ago · 3c0f3adf39
--- a/src/oscar/apps/catalogue/views.py
+++ b/src/oscar/apps/catalogue/views.py
@@ -67,7 +67,7 @@ class ProductDetailView(DetailView):
 
				
				 
			
 
				
				         if self.enforce_paths:
			
 
				
				             expected_path = product.get_absolute_url()
			
 
				
				-            if expected_path != quote(current_path):
			
 
				
				+            if quote(expected_path) != quote(current_path):
			
 
				
				                 return HttpResponsePermanentRedirect(expected_path)
			
 
				
				 
			
 
				
				     def get_context_data(self, **kwargs):
			
--- a/tests/_site/specialurls.py
+++ b/tests/_site/specialurls.py
@@ -0,0 +1,25 @@
 
				
				+from django.apps import apps
			
 
				
				+from django.conf.urls.i18n import i18n_patterns
			
 
				
				+from django.contrib import admin
			
 
				
				+from django.contrib.staticfiles.urls import staticfiles_urlpatterns
			
 
				
				+from django.urls import include, path
			
 
				
				+
			
 
				
				+from tests._site.apps.myapp.views import TestView
			
 
				
				+
			
 
				
				+admin.autodiscover()
			
 
				
				+
			
 
				
				+urlpatterns = [
			
 
				
				+    path('admin/', admin.site.urls),
			
 
				
				+    path('app:shop/', include(apps.get_app_config('oscar').urls[0])),
			
 
				
				+    path('i18n/', include('django.conf.urls.i18n')),
			
 
				
				+]
			
 
				
				+
			
 
				
				+urlpatterns += i18n_patterns(
			
 
				
				+    path('test/', TestView),
			
 
				
				+)
			
 
				
				+
			
 
				
				+urlpatterns += staticfiles_urlpatterns()
			
 
				
				+
			
 
				
				+handler403 = 'oscar.views.handler403'
			
 
				
				+handler404 = 'oscar.views.handler404'
			
 
				
				+handler500 = 'oscar.views.handler500'
			
--- a/tests/functional/catalogue/test_catalogue.py
+++ b/tests/functional/catalogue/test_catalogue.py
@@ -64,6 +64,17 @@ class TestProductDetailView(WebTestCase):
 
				
				 
			
 
				
				         self.assertEqual(response.status_code, http_client.NOT_FOUND)
			
 
				
				 
			
 
				
				+    def test_does_not_go_into_redirect_loop(self):
			
 
				
				+        "when a product slug contains a colon, there should be no redirect loop"
			
 
				
				+        with self.settings(ROOT_URLCONF='tests._site.specialurls'):
			
 
				
				+            product = create_product(slug="no-redirect", is_public=True)
			
 
				
				+            kwargs = {'product_slug': "si-redirect", 'pk': product.id}
			
 
				
				+            url = reverse('catalogue:detail', kwargs=kwargs)
			
 
				
				+            response = self.app.get(url, expect_errors=True)
			
 
				
				+            self.assertIsRedirect(response)
			
 
				
				+            response = self.app.get(response['Location'])
			
 
				
				+            self.assertIsNotRedirect(response)
			
 
				
				+
			
 
				
				 
			
 
				
				 class TestProductListView(WebTestCase):