From 99d12c5d7054529fa8a87148cc17ca4f639b620c Mon Sep 17 00:00:00 2001 From: Malcolm Tredinnick Date: Fri, 14 Sep 2007 07:33:45 +0000 Subject: [PATCH] Fixed #3651 -- Changed set_language_view() to require POST request is used, in accordance with the HTTP spec (it changes the user's state). Thanks, Fraser Nevett. This is a backwards incompatible change for anybody previously using this view. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6177 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/views/i18n.py | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/django/views/i18n.py b/django/views/i18n.py index 320caf37d7..5b50f75d23 100644 --- a/django/views/i18n.py +++ b/django/views/i18n.py @@ -9,20 +9,26 @@ def set_language(request): """ Redirect to a given url while setting the chosen language in the session or cookie. The url and the language code need to be - specified in the GET parameters. + specified in the request parameters. + + Since this view changes how the user will see the rest of the site, it must + only be accessed as a POST request. If called as a GET request, it will + redirect to the page in the request (the 'next' parameter) without changing + any state. """ - lang_code = request.GET.get('language', None) next = request.GET.get('next', None) if not next: next = request.META.get('HTTP_REFERER', None) if not next: next = '/' response = http.HttpResponseRedirect(next) - if lang_code and check_for_language(lang_code): - if hasattr(request, 'session'): - request.session['django_language'] = lang_code - else: - response.set_cookie('django_language', lang_code) + if request.method == 'POST': + lang_code = request.POST.get('language', None) + if lang_code and check_for_language(lang_code): + if hasattr(request, 'session'): + request.session['django_language'] = lang_code + else: + response.set_cookie('django_language', lang_code) return response NullSource = """