Re: [Django] #15718: Django unquotes urls and not able to distinguish %2F and /

72 views
Skip to first unread message

Django

unread,
May 5, 2011, 3:14:12 PM5/5/11
to django-...@googlegroups.com
#15718: Django unquotes urls and not able to distinguish %2F and /
-------------------------------------+-------------------------------------
Reporter: fed239 | Owner: nobody
Type: Bug | Status: closed
Milestone: | Component: Core (Other)
Version: 1.2 | Severity: Normal
Resolution: wontfix | Keywords: urls, url resolver,
Triage Stage: | unquote, %2F
Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
-------------------------------------+-------------------------------------
Changes (by anonymous):

* easy: => 0


Comment:

I don't agree that there is no upside. Currently URL
http://example.com/A%2fB/C/ will match pattern {{{
^([^/]+)/([^/]+)/([^/]+)/$ }}} instead of expected {{{ ^([^/]+)/([^/]+)/$
}}}

This restricts usage of URL patterns.

--
Ticket URL: <http://code.djangoproject.com/ticket/15718#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Nov 12, 2014, 10:53:37 AM11/12/14
to django-...@googlegroups.com
#15718: Django unquotes urls and not able to distinguish %2F and /
-------------------------------------+-------------------------------------
Reporter: fed239 | Owner: nobody
Type: Bug | Status: closed
Component: Core (Other) | Version: 1.2
Severity: Normal | Resolution: wontfix
Keywords: urls, url resolver, | Triage Stage:
unquote, %2F | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by gst):

* ui_ux: => 0


Comment:

I've ran into the exact same issue :/

The main problem I see is that, as far as I understand actually, django
compares the url in its url-decoded form against each possible regex
pattern. So the problems we are encountering with '/' encoded url value
(%2F). Though I could be wrong 'cause I've not went to check django code.
If I'm not wrong about this:

Wouldn't there be a possibility to tell django to compare some url regex
pattern against the original url value in its non-decoded form ??

regards,

gst.

--
Ticket URL: <https://code.djangoproject.com/ticket/15718#comment:6>

Django

unread,
Nov 12, 2014, 12:16:13 PM11/12/14
to django-...@googlegroups.com
#15718: Django unquotes urls and not able to distinguish %2F and /
-------------------------------------+-------------------------------------
Reporter: fed239 | Owner: nobody
Type: Bug | Status: closed
Component: Core (Other) | Version: 1.2
Severity: Normal | Resolution: wontfix
Keywords: urls, url resolver, | Triage Stage:
unquote, %2F | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by gst):

Replying to [comment:6 gst]:


>
> Wouldn't there be a possibility to tell django to compare some url regex
pattern against the original url value in its non-decoded form ??

that would be a feature request, what about if I try to make a patch about
it ? would it have chances to be at least reviewed ?

--
Ticket URL: <https://code.djangoproject.com/ticket/15718#comment:7>

Django

unread,
Nov 12, 2014, 12:30:12 PM11/12/14
to django-...@googlegroups.com
#15718: Django unquotes urls and not able to distinguish %2F and /
-------------------------------------+-------------------------------------
Reporter: fed239 | Owner: nobody
Type: Bug | Status: closed
Component: Core (Other) | Version: 1.2
Severity: Normal | Resolution: wontfix
Keywords: urls, url resolver, | Triage Stage:
unquote, %2F | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by claudep):

Any patch with tests is worth a review. But of course, we cannot promise
it will be accepted.

--
Ticket URL: <https://code.djangoproject.com/ticket/15718#comment:8>

Django

unread,
Nov 12, 2014, 1:32:37 PM11/12/14
to django-...@googlegroups.com
#15718: Django unquotes urls and not able to distinguish %2F and /
-------------------------------------+-------------------------------------
Reporter: fed239 | Owner: nobody
Type: Bug | Status: closed
Component: Core (Other) | Version: 1.2
Severity: Normal | Resolution: wontfix
Keywords: urls, url resolver, | Triage Stage:
unquote, %2F | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by gst):

Replying to [comment:6 gst]:

> I've ran into the exact same issue :/
>
> The main problem I see is that, as far as I understand actually, django
compares the url in its url-decoded form against each possible regex
pattern. So the problems we are encountering with '/' encoded url value
(%2F). Though I could be wrong 'cause I've not went to check django code.

The other possible work around, is to url-encode twice the different parts
of the url (so that '/' would be compared as '%2F' when compared to all
the url regex patterns and then no more problem also) that you want to
reach and then to decode them once in the view.
Though it seems rather special.

--
Ticket URL: <https://code.djangoproject.com/ticket/15718#comment:9>

Reply all
Reply to author
Forward
0 new messages