Anonymous avatar Anonymous committed 5ff9744

[svn r96] fix issue #44.


Files changed (3)

django_authopenid/forms.py

     from openid.yadis import xri
 except ImportError:
     from yadis import xri
+    
+from django_authopenid.util import clean_next
 
 __all__ = ['OpenidSigninForm', 'OpenidAuthForm', 'OpenidVerifyForm',
         'OpenidRegisterForm', 'RegistrationForm', 'ChangepwForm',
     def clean_next(self):
         """ validate next """
         if 'next' in self.cleaned_data and self.cleaned_data['next'] != "":
-            next_url_re = re.compile('^/[-\w/]*$')
-            if not next_url_re.match(self.cleaned_data['next']):
-                raise forms.ValidationError(_('next url "%s" is invalid' % 
-                    self.cleaned_data['next']))
+            self.cleaned_data['next'] = clean_next(self.cleaned_data['next'])
             return self.cleaned_data['next']
 
 
         """ validate next url """
         if 'next' in self.cleaned_data and \
                 self.cleaned_data['next'] != "":
-            next_url_re = re.compile('^/[-\w/]*$')
-            if not next_url_re.match(self.cleaned_data['next']):
-                raise forms.ValidationError(
-                        _('next url "%s" is invalid' % 
-                            self.cleaned_data['next'])
-                )
+            self.cleaned_data['next'] = clean_next(self.cleaned_data['next'])
             return self.cleaned_data['next']
             
     def get_user(self):
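Review bot: Both `clean_next` validators no longer raise `forms.ValidationError` for a malformed `next`; the value is silently replaced with whatever `util.clean_next` returns, and the earlier `[-\w/]` character allowlist is gone, so how strict these forms are now depends entirely on that helper. If that is intended, a docstring such as `"""Normalise next to a local path; invalid values fall back to the default."""` would record it, since the current `""" validate next """` no longer describes what the method does. Calling a module-level `clean_next` from inside a method of the same name is also easy to misread as recursion; importing it under an alias, e.g. `from django_authopenid.util import clean_next as clean_next_url`, would make the call unambiguous. The second method starts outside the hunk, so its signature and class are not visible here.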

django_authopenid/util.py

 
 from django.db.models.query import Q
 from django.conf import settings
+from django.http import str_to_unicode
 
 
 # needed for some linux distributions like debian
     from yadis import xri
 
 import time, base64, md5, operator
+import urllib
 
 from models import Association, Nonce
 
-__all__ = ['OpenID', 'DjangoOpenIDStore', 'from_openid_response']
+__all__ = ['OpenID', 'DjangoOpenIDStore', 'from_openid_response', 'clean_next']
+
+DEFAULT_NEXT = getattr(settings, 'OPENID_REDIRECT_NEXT', '/')
+def clean_next(next):
+    if next is None:
+        return DEFAULT_NEXT
+    next = str_to_unicode(urllib.unquote(next), 'utf-8')
+    next = next.strip()
+    if next.startswith('/'):
+        return next
+    return DEFAULT_NEXT
 
 class OpenID:
     def __init__(self, openid_, issued, attrs=None, sreg_=None):
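Review bot: `clean_next` accepts any value that begins with `/` after percent-decoding, so a scheme-relative value such as `//other-host/path` (or one written `%2F%2F...`, which only becomes `//` after the `urllib.unquote` call) passes the `startswith('/')` check and is returned as a redirect target on another host. Browsers commonly treat `/\` like `//`, so the guard should be closer to `if next.startswith('/') and not next.startswith('//') and '\\' not in next:`. The request layer has presumably already decoded the parameter once, so the added `unquote` is a second decode and can also put control characters such as CR/LF into the returned value; consider validating the value as received, or rejecting control characters after decoding. A short docstring stating that the function returns only same-site paths and otherwise falls back to `DEFAULT_NEXT` would help, as would renaming the parameter, which shadows the builtin `next`.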

django_authopenid/views.py

 import urllib
 
 
-from django_authopenid.util import OpenID, DjangoOpenIDStore, from_openid_response
+from django_authopenid.util import OpenID, DjangoOpenIDStore, from_openid_response, clean_next
 from django_authopenid.models import UserAssociation, UserPasswordQueue
 from django_authopenid.forms import OpenidSigninForm, OpenidAuthForm, OpenidRegisterForm, \
         OpenidVerifyForm, RegistrationForm, ChangepwForm, ChangeemailForm, \
 def get_full_url(request):
     return get_url_host(request) + request.get_full_path()
 
-DEFAULT_NEXT = getattr(settings, 'OPENID_REDIRECT_NEXT', '/')
-def clean_next(next):
-    if next is None:
-        return DEFAULT_NEXT
-    next = next.strip()
-    if next.startswith('/'):
-        return next
-    return DEFAULT_NEXT
+
 
 def ask_openid(request, openid_url, redirect_to, on_failure=None,
         sreg_request=None):