mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-26 23:26:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #18678 -- HttpResponse init arguments allowed for subclasses

Browse Source 
Thanks hp1337@gmail.com for the report.
This commit is contained in:
Claude Paroz
2012-08-23 10:56:55 +02:00
parent 03671ad7e3
commit 44c09de555
3 changed files with 33 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
django/http/__init__.py
View File

@@ -728,11 +728,11 @@ class HttpResponse(object):
class HttpResponseRedirectBase(HttpResponse):
allowed_schemes = ['http', 'https', 'ftp']
def __init__(self, redirect_to):
def __init__(self, redirect_to, *args, **kwargs):
parsed = urlparse(redirect_to)
if parsed.scheme and parsed.scheme not in self.allowed_schemes:
raise SuspiciousOperation("Unsafe redirect to URL with protocol '%s'" % parsed.scheme)
super(HttpResponseRedirectBase, self).__init__()
super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)
self['Location'] = iri_to_uri(redirect_to)
class HttpResponseRedirect(HttpResponseRedirectBase):
@@ -766,8 +766,8 @@ class HttpResponseForbidden(HttpResponse):
class HttpResponseNotAllowed(HttpResponse):
status_code = 405
def __init__(self, permitted_methods):
super(HttpResponseNotAllowed, self).__init__()
def __init__(self, permitted_methods, *args, **kwargs):
super(HttpResponseNotAllowed, self).__init__(*args, **kwargs)
self['Allow'] = ', '.join(permitted_methods)
class HttpResponseGone(HttpResponse):