From fe840a34ff79f6fd996219ff8325b5f07cc3f62b Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 21 Nov 2019 11:38:40 +0000 Subject: [PATCH] Escape hyperlink URLs on lookup (#7059) * Escape hyperlink URLs on lookup * Rename duplicate test --- rest_framework/relations.py | 2 +- tests/test_relations.py | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/rest_framework/relations.py b/rest_framework/relations.py index 9bde79b19..af4dd1804 100644 --- a/rest_framework/relations.py +++ b/rest_framework/relations.py @@ -344,7 +344,7 @@ class HyperlinkedRelatedField(RelatedField): if data.startswith(prefix): data = '/' + data[len(prefix):] - data = uri_to_iri(data) + data = uri_to_iri(parse.unquote(data)) try: match = resolve(data) diff --git a/tests/test_relations.py b/tests/test_relations.py index c89293415..86ed623ae 100644 --- a/tests/test_relations.py +++ b/tests/test_relations.py @@ -153,6 +153,7 @@ class TestHyperlinkedRelatedField(APISimpleTestCase): self.queryset = MockQueryset([ MockObject(pk=1, name='foobar'), MockObject(pk=2, name='bazABCqux'), + MockObject(pk=2, name='bazABC qux'), ]) self.field = serializers.HyperlinkedRelatedField( view_name='example', @@ -191,6 +192,10 @@ class TestHyperlinkedRelatedField(APISimpleTestCase): instance = self.field.to_internal_value('http://example.org/example/baz%41%42%43qux/') assert instance is self.queryset.items[1] + def test_hyperlinked_related_lookup_url_space_encoded_exists(self): + instance = self.field.to_internal_value('http://example.org/example/bazABC%20qux/') + assert instance is self.queryset.items[2] + def test_hyperlinked_related_lookup_does_not_exist(self): with pytest.raises(serializers.ValidationError) as excinfo: self.field.to_internal_value('http://example.org/example/doesnotexist/')