From a4b24b88cb343f778cac5ab66cc6117dac68bf21 Mon Sep 17 00:00:00 2001 From: Magnus Hagander Date: Mon, 24 May 2021 12:48:16 +0200 Subject: [PATCH] Properly quote URL in link to resend an email The lack of this would result in a 404 for any users who clicked a resend link when (1) they were not logged in, and (2) the messageid cotnained a plus character. This would then end up getting unescaped one too many times in the authentication flow and came out as a space on the other end instead of a plus. Reported by Justin Pryzby (and several others, but Justin was persistant in tracking down good examples) --- django/archives/mailarchives/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/django/archives/mailarchives/views.py b/django/archives/mailarchives/views.py index 78f4564..f711ce4 100644 --- a/django/archives/mailarchives/views.py +++ b/django/archives/mailarchives/views.py @@ -650,7 +650,7 @@ def resend(request, messageid): raise PermissionDenied("Access denied.") if not (hasattr(request, 'user') and request.user.is_authenticated): - raise ERedirect('%s?next=%s' % (settings.LOGIN_URL, request.path)) + raise ERedirect('%s?next=%s' % (settings.LOGIN_URL, quote(request.path))) ensure_message_permissions(request, messageid) -- 2.39.5