From 46acbf02ed9ab58c7a92553c95790e75bdc3c930 Mon Sep 17 00:00:00 2001
From: Armin Ronacher
Date: Mon, 25 May 2015 13:40:47 +0200
Subject: [PATCH] Escape slashes in query strings. This fixes #445
---
 CHANGES | 2 ++
 jinja2/filters.py | 3 ++-
 jinja2/utils.py | 8 ++++++--
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/CHANGES b/CHANGES
index cfe4c43c..ba820cc0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -31,6 +31,8 @@ Version 2.8
 (`code_generator_class` and `context_class`) (pull request ``#404``).
 - added support for context/environment/evalctx decorator functions on the finalize callback of the environment.
+- escape query strings for urlencode properly. Previously slashes were not
+ escaped in that place.
 Version 2.7.3
 -------------
diff --git a/jinja2/filters.py b/jinja2/filters.py
index 0fb5a5aa..4b444852 100644
--- a/jinja2/filters.py
+++ b/jinja2/filters.py
@@ -94,7 +94,8 @@ def do_urlencode(value):
 if itemiter is None:
 return unicode_urlencode(value)
 return u'&'.join(unicode_urlencode(k) + '=' +
- unicode_urlencode(v) for k, v in itemiter)
+ unicode_urlencode(v, for_qs=True)
+ for k, v in itemiter)
 @evalcontextfilter
diff --git a/jinja2/utils.py b/jinja2/utils.py
index e12255f2..cdd4cd3a 100644
--- a/jinja2/utils.py
+++ b/jinja2/utils.py
@@ -283,7 +283,7 @@ def generate_lorem_ipsum(n=5, html=True, min=20, max=100):
 return Markup(u'\n'.join(u'
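Review bot: Only the value of each pair is encoded with `for_qs=True` in the rewritten join in `do_urlencode`; the key still goes through plain `unicode_urlencode(k)`. A `/` in a parameter name therefore stays unescaped, and a space in a key is encoded differently from a space in a value. Keys can come from template data just as values do, so they should get the same treatment: `unicode_urlencode(k, for_qs=True) + '=' +`. The single-string branch `return unicode_urlencode(value)` keeps `/` safe, which looks intended for path use but deserves a line in the filter's docstring. The body of `do_urlencode` starts outside this hunk.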

%s

' % escape(x) for x in result))
-def unicode_urlencode(obj, charset='utf-8'):
+def unicode_urlencode(obj, charset='utf-8', for_qs=False):
 """URL escapes a single bytestring or unicode string with the given charset if applicable to URL safe quoting under all rules that need to be considered under all supported Python versions.
@@ -295,7 +295,11 @@ def unicode_urlencode(obj, charset='utf-8'):
 obj = text_type(obj)
 if isinstance(obj, text_type):
 obj = obj.encode(charset)
- return text_type(url_quote(obj))
+ safe = for_qs and b'' or b'/'
+ rv = text_type(url_quote(obj, safe))
+ if for_qs:
+ rv = rv.replace('%20', '+')
+ return rv
 class LRUCache(object):
-- 
2.47.2
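Review bot: The new `for_qs` parameter on `unicode_urlencode` is not described in the docstring under the changed signature, and the diffstat for jinja2/utils.py leaves no room for a docstring edit elsewhere. Add a sentence along the lines of `If for_qs is true, the result is quoted for use as a query-string component: "/" is escaped and spaces become "+".` The docstring continues outside this hunk.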
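Review bot: `safe = for_qs and b'' or b'/'` always evaluates to `b'/'`, because when `for_qs` is true the `and` yields `b''`, which is falsy, so the `or` falls through to `b'/'`. Slashes therefore stay unescaped in query-string values and the fix described in CHANGES does not take effect; only the `%20` to `+` replacement does. Write the line as `safe = b'' if for_qs else b'/'`. The diffstat lists no test file, and an assertion that a value containing `/` is emitted as `%2F` would have caught this. The start of `unicode_urlencode` is outside this hunk.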