From 1e6b9e29e64fc9f13d4680be141c64d24eb92cc9 Mon Sep 17 00:00:00 2001
From: Jon Dufresne
Date: Wed, 28 Aug 2019 00:20:46 -0700
Subject: [PATCH] Refs #27795 -- Removed an unnecessary force_bytes() call in uri_to_iri().
The value returned from urllib.parse.quote() is always a string, so can safely call .encode().
---
 django/utils/encoding.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/django/utils/encoding.py b/django/utils/encoding.py
index 0721d516c4..8f6f6024ca 100644
--- a/django/utils/encoding.py
+++ b/django/utils/encoding.py
@@ -236,7 +236,7 @@ def repercent_broken_unicode(path):
 # CVE-2019-14235: A recursion shouldn't be used since the exception
 # handling uses massive amounts of memory
 repercent = quote(path[e.start:e.end], safe=b"/#%[]=:;$&()+,!?*@'~")
- path = path[:e.start] + force_bytes(repercent) + path[e.end:]
+ path = path[:e.start] + repercent.encode() + path[e.end:]
 else:
 return path
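Review bot: Each pass still rebuilds the entire byte string with `path = path[:e.start] + repercent.encode() + path[e.end:]`, so a path carrying many invalid UTF-8 sequences costs one full copy per sequence; if the enclosing loop (outside this hunk) also re-decodes from the start each time, as the `else: return path` branch suggests, total work grows quadratically with request-controlled input. The neighbouring comment already treats this function as a resource-exhaustion surface (CVE-2019-14235), so consider collecting the finished prefix instead, `parts.append(path[:e.start] + repercent.encode())` followed by `path = path[e.end:]`, and returning `b"".join(parts) + path`, which should keep the output identical while only the remaining tail is decoded again. Separately, the subject line names uri_to_iri() while the hunk header places the change in repercent_broken_unicode(); the function body starts above the hunk, so the loop shape is inferred rather than visible.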