[Django] #28142: Login ends up with ValueError with some next URLs


Django

Apr 27, 2017, 11:36:44 AM
to django-...@googlegroups.com
#28142: Login ends up with ValueError with some next URLs
----------------------------------------+------------------------
Reporter: Michal Čihař | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: 1.11
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
----------------------------------------+------------------------
The is_safe_url function can raise ValueError from _urlsplit. IMHO it
should catch the error from parsing and return False in this case.

This can happen for example with `next=http://168.192.0.1]`

Traceback from 1.10, but it happens on 1.11 as well (and actually raises
the ValueError even on the login page as it is now doing the validation).

{{{
File "/usr/lib/python2.7/dist-packages/django/contrib/auth/views.py" in inner
47. return func(*args, **kwargs)

File "/usr/lib/python2.7/dist-packages/django/views/decorators/debug.py" in sensitive_post_parameters_wrapper
76. return view(request, *args, **kwargs)

File "/usr/lib/python2.7/dist-packages/django/utils/decorators.py" in _wrapped_view
149. response = view_func(request, *args, **kwargs)

File "/usr/lib/python2.7/dist-packages/django/views/decorators/cache.py" in _wrapped_view_func
57. response = view_func(request, *args, **kwargs)

File "/usr/lib/python2.7/dist-packages/django/contrib/auth/views.py" in login
83. return HttpResponseRedirect(_get_login_redirect_url(request, redirect_to))

File "/usr/lib/python2.7/dist-packages/django/contrib/auth/views.py" in _get_login_redirect_url
53. if not is_safe_url(url=redirect_to, host=request.get_host()):

File "/usr/lib/python2.7/dist-packages/django/utils/http.py" in is_safe_url
309. return _is_safe_url(url, host) and _is_safe_url(url.replace('\\', '/'), host)

File "/usr/lib/python2.7/dist-packages/django/utils/http.py" in _is_safe_url
369. url_info = _urlparse(url)

File "/usr/lib/python2.7/dist-packages/django/utils/http.py" in _urlparse
321. splitresult = _urlsplit(url, scheme, allow_fragments)

File "/usr/lib/python2.7/dist-packages/django/utils/http.py" in _urlsplit
355. raise ValueError("Invalid IPv6 URL")

Exception Type: ValueError at /accounts/login/
Exception Value: Invalid IPv6 URL
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28142>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
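
The behaviour requested in the report above, as an added example that is not part of the original thread and is not Django's code: a simplified same-host redirect check in which a `next` value that cannot be parsed counts as unsafe. The function names and the `example.com` host are hypothetical, and the example relies on Python 3's `urllib.parse.urlsplit` raising the same `ValueError` for a lone bracket.

```python
# Added illustration: a simplified same-host check, not Django's is_safe_url().
# Function names and the example.com host are hypothetical.
from urllib.parse import urlsplit


def is_safe_redirect_unhardened(url, allowed_host):
    """Same-host check that lets urlsplit() errors reach the caller."""
    if url.startswith("///"):
        return False  # parses as a bare path here; reject as ambiguous
    parts = urlsplit(url)  # ValueError("Invalid IPv6 URL") on a lone '[' or ']'
    if parts.scheme and not parts.netloc:
        return False  # scheme without a host, e.g. "http:example.com"
    if parts.netloc and parts.netloc != allowed_host:
        return False
    return parts.scheme in ("", "http", "https")


def is_safe_redirect(url, allowed_host):
    """Same check, failing closed: a URL that cannot be parsed is unsafe."""
    if not url:
        return False
    # As in the traceback, test the URL as given and with backslashes
    # normalised to forward slashes; both forms must pass.
    for candidate in (url, url.replace("\\", "/")):
        try:
            if not is_safe_redirect_unhardened(candidate, allowed_host):
                return False
        except ValueError:
            return False
    return True


def resolve_next(next_url, allowed_host, default="/"):
    """Return the post-login target, or the default if `next` is unsafe."""
    return next_url if is_safe_redirect(next_url, allowed_host) else default


if __name__ == "__main__":
    # Constructed inputs; the second is the value from the ticket.
    for value in ("/accounts/profile/", "http://168.192.0.1]", "http://evil.test/"):
        print(repr(value), "->", resolve_next(value, "example.com"))
```

With the fail-closed wrapper the login view falls back to the default target instead of returning a 500 for the malformed value.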

Django

Apr 27, 2017, 11:48:42 AM
to django-...@googlegroups.com
#28142: is_safe_url() raises ValueError for invalid IPv6 URLs
------------------------------+------------------------------------
Reporter: Michal Čihař | Owner: nobody
Type: Bug | Status: new
Component: Utilities | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+------------------------------------
Changes (by Tim Graham):

* stage: Unreviewed => Accepted
* component: contrib.auth => Utilities
* easy: 0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/28142#comment:1>

Django

Apr 29, 2017, 5:54:10 PM
to django-...@googlegroups.com
#28142: is_safe_url() raises ValueError for invalid IPv6 URLs
------------------------------+----------------------------------------
Reporter: Michal Čihař | Owner: Uman Shahzad
Type: Bug | Status: assigned
Component: Utilities | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+----------------------------------------
Changes (by Uman Shahzad):

* status: new => assigned
* cc: emidanrko564@… (added)
* owner: nobody => Uman Shahzad


Comment:

Will begin work on it at
https://github.com/UmanShahzad/django/tree/ticket_28142

--
Ticket URL: <https://code.djangoproject.com/ticket/28142#comment:2>

Django

Apr 29, 2017, 6:19:29 PM
to django-...@googlegroups.com
#28142: is_safe_url() raises ValueError for invalid IPv6 URLs
------------------------------+----------------------------------------
Reporter: Michal Čihař | Owner: Uman Shahzad
Type: Bug | Status: assigned
Component: Utilities | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Needs tests: 1 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+----------------------------------------
Changes (by Uman Shahzad):

* needs_docs: 0 => 1
* has_patch: 0 => 1
* needs_tests: 0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/28142#comment:3>

Django

Apr 29, 2017, 6:58:27 PM
to django-...@googlegroups.com
#28142: is_safe_url() raises ValueError for invalid IPv6 URLs
------------------------------+----------------------------------------
Reporter: Michal Čihař | Owner: Uman Shahzad
Type: Bug | Status: assigned
Component: Utilities | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+----------------------------------------
Changes (by Uman Shahzad):

* needs_docs: 1 => 0


--
Ticket URL: <https://code.djangoproject.com/ticket/28142#comment:4>

Django

Apr 29, 2017, 7:07:58 PM
to django-...@googlegroups.com
#28142: is_safe_url() raises ValueError for invalid IPv6 URLs
------------------------------+----------------------------------------
Reporter: Michal Čihař | Owner: Uman Shahzad
Type: Bug | Status: assigned
Component: Utilities | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+----------------------------------------
Changes (by Uman Shahzad):

* needs_tests: 1 => 0


Comment:

I think this commit matches the suggested requirement of the original
poster.

--
Ticket URL: <https://code.djangoproject.com/ticket/28142#comment:5>

Django

May 10, 2017, 9:43:17 AM
to django-...@googlegroups.com
#28142: is_safe_url() raises ValueError for invalid IPv6 URLs
------------------------------+----------------------------------------
Reporter: Michal Čihař | Owner: Uman Shahzad
Type: Bug | Status: closed
Component: Utilities | Version: 1.11
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+----------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"856072dd4a3e479aa09b0ab6b498ff599ca2a809" 856072dd]:
{{{
#!CommitTicketReference repository=""
revision="856072dd4a3e479aa09b0ab6b498ff599ca2a809"
Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28142#comment:6>

Django

May 10, 2017, 9:50:28 AM
to django-...@googlegroups.com
#28142: is_safe_url() raises ValueError for invalid IPv6 URLs
------------------------------+----------------------------------------
Reporter: Michal Čihař | Owner: Uman Shahzad
Type: Bug | Status: closed
Component: Utilities | Version: 1.11
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+----------------------------------------

Comment (by Tim Graham <timograham@…>):

In [changeset:"03d0c05fdfd3de5f36bf54470ed03018295497c7" 03d0c05f]:
{{{
#!CommitTicketReference repository=""
revision="03d0c05fdfd3de5f36bf54470ed03018295497c7"
[1.11.x] Fixed #28142 -- Fixed is_safe_url() crash on invalid IPv6 URLs.

Backport of 856072dd4a3e479aa09b0ab6b498ff599ca2a809 from master
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28142#comment:7>
