Escape hyperlink URLs on lookup (#7059)

* Escape hyperlink URLs on lookup

* Rename duplicate test
This commit is contained in:
Tom Christie 2019-11-21 11:38:40 +00:00 committed by GitHub
parent 39876e6607
commit fe840a34ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions

View File

@ -344,7 +344,7 @@ class HyperlinkedRelatedField(RelatedField):
if data.startswith(prefix): if data.startswith(prefix):
data = '/' + data[len(prefix):] data = '/' + data[len(prefix):]
data = uri_to_iri(data) data = uri_to_iri(parse.unquote(data))
try: try:
match = resolve(data) match = resolve(data)

View File

@ -153,6 +153,7 @@ class TestHyperlinkedRelatedField(APISimpleTestCase):
self.queryset = MockQueryset([ self.queryset = MockQueryset([
MockObject(pk=1, name='foobar'), MockObject(pk=1, name='foobar'),
MockObject(pk=2, name='bazABCqux'), MockObject(pk=2, name='bazABCqux'),
MockObject(pk=2, name='bazABC qux'),
]) ])
self.field = serializers.HyperlinkedRelatedField( self.field = serializers.HyperlinkedRelatedField(
view_name='example', view_name='example',
@ -191,6 +192,10 @@ class TestHyperlinkedRelatedField(APISimpleTestCase):
instance = self.field.to_internal_value('http://example.org/example/baz%41%42%43qux/') instance = self.field.to_internal_value('http://example.org/example/baz%41%42%43qux/')
assert instance is self.queryset.items[1] assert instance is self.queryset.items[1]
def test_hyperlinked_related_lookup_url_space_encoded_exists(self):
instance = self.field.to_internal_value('http://example.org/example/bazABC%20qux/')
assert instance is self.queryset.items[2]
def test_hyperlinked_related_lookup_does_not_exist(self): def test_hyperlinked_related_lookup_does_not_exist(self):
with pytest.raises(serializers.ValidationError) as excinfo: with pytest.raises(serializers.ValidationError) as excinfo:
self.field.to_internal_value('http://example.org/example/doesnotexist/') self.field.to_internal_value('http://example.org/example/doesnotexist/')