authorMagnus Hagander2020-04-14 15:57:58 +0000
committerMagnus Hagander2020-04-14 15:57:58 +0000
commitcc148739fdb9ad841ee02b261512e68cdff48baa (patch)
tree6bc1b780539ab267adfa545e565f2e65614b1cfd /django/archives/auth.py
parent3268abf0d1e2cfd88eafc3272d8e3b84a43769e2 (diff)
Extra quote the url from 'next' in authentication
If the next URL contained a + django would helpfully change that into a space, which broke things further down the chain. So put back this escaping, in the hope that the redirect will be correct down the road. This fixes it for spaces, let's hope it doesn't instead break it for something else.
Diffstat (limited to 'django/archives/auth.py')
-rw-r--r--django/archives/auth.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/django/archives/auth.py b/django/archives/auth.py
index 87ffb0b..069d57c 100644
--- a/django/archives/auth.py
+++ b/django/archives/auth.py
@@ -28,7 +28,7 @@ from django.conf import settings
import base64
import json
import socket
-from urllib.parse import urlparse, urlencode, parse_qs
+from urllib.parse import urlparse, urlencode, parse_qs, quote_plus
import requests
from Cryptodome.Cipher import AES
from Cryptodome.Hash import SHA
@@ -53,7 +53,7 @@ def login(request):
# Put together an url-encoded dict of parameters we're getting back,
# including a small nonce at the beginning to make sure it doesn't
# encrypt the same way every time.
- s = "t=%s&%s" % (int(time.time()), urlencode({'r': request.GET['next']}))
+ s = "t=%s&%s" % (int(time.time()), urlencode({'r': quote_plus(request.GET['next'], safe='/')}))
# Now encrypt it
r = Random.new()
iv = r.read(16)
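Review bot: The new `quote_plus(request.GET['next'], safe='/')` on the `s = ...` line encodes `r` twice (once here, once in `urlencode`), and nothing in the hunk records which side is expected to undo the extra layer. Because only `/` is left unescaped, a `next` value that carries its own query string or existing percent-escapes now reaches the consumer with `%`, `?`, `&` and `=` encoded twice, so whether it round-trips depends on decoding that is not visible here. Since `r` presumably ends up as a redirect target, any check that it is a local path should run on the fully decoded value rather than on an intermediate form. I would add a comment above the line such as `# 'next' is quoted twice on purpose: the receiver's query parsing turns '+' into a space, so the consumer of 'r' must unquote once more`. The body of login() starts and ends outside the hunk.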