Properly quote URL in link to resend an email

The lack of this would result in a 404 for any users who clicked a resend link when (1) they were not logged in, and (2) the messageid cotnained a plus character. This would then end up getting unescaped one too many times in the authentication flow and came out as a space on the other end instead of a plus. Reported by Justin Pryzby (and several others, but Justin was persistant in tracking down good examples)
author: Magnus Hagander 2021-05-24 10:48:16 +0000
committer: Magnus Hagander 2021-05-24 10:48:16 +0000
commit: a4b24b88cb343f778cac5ab66cc6117dac68bf21 (patch)
tree: 17fdec71ac6ff38107f71d053d0cdec7c0f9b68e /django
parent: 37f0f3f0a74c91a2c6f0104ee06c7725161c9b86 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/django/archives/mailarchives/views.py b/django/archives/mailarchives/views.py
index 78f4564..f711ce4 100644
--- a/django/archives/mailarchives/views.py
+++ b/django/archives/mailarchives/views.py
@@ -650,7 +650,7 @@ def resend(request, messageid):
         raise PermissionDenied("Access denied.")
 
     if not (hasattr(request, 'user') and request.user.is_authenticated):
-        raise ERedirect('%s?next=%s' % (settings.LOGIN_URL, request.path))
+        raise ERedirect('%s?next=%s' % (settings.LOGIN_URL, quote(request.path)))
 
     ensure_message_permissions(request, messageid)
author	Magnus Hagander	2021-05-24 10:48:16 +0000
committer	Magnus Hagander	2021-05-24 10:48:16 +0000
commit	a4b24b88cb343f778cac5ab66cc6117dac68bf21 (patch)
tree	17fdec71ac6ff38107f71d053d0cdec7c0f9b68e /django
parent	37f0f3f0a74c91a2c6f0104ee06c7725161c9b86 (diff)