[Changeset] r6177 - django/trunk/django/views

Fri, 14 Sep 2007 00:33:47 -0700 

Author: mtredinnick
Date: 2007-09-14 02:33:45 -0500 (Fri, 14 Sep 2007)
New Revision: 6177

Modified:
   django/trunk/django/views/i18n.py
Log:
Fixed #3651 -- Changed set_language_view() to require POST request is used, in 
accordance with the HTTP spec (it changes the user's state). Thanks, Fraser 
Nevett.

This is a backwards incompatible change for anybody previously using this view.


Modified: django/trunk/django/views/i18n.py
===================================================================
--- django/trunk/django/views/i18n.py   2007-09-14 07:19:38 UTC (rev 6176)
+++ django/trunk/django/views/i18n.py   2007-09-14 07:33:45 UTC (rev 6177)
@@ -9,20 +9,26 @@
     """
     Redirect to a given url while setting the chosen language in the
     session or cookie. The url and the language code need to be
-    specified in the GET parameters.
+    specified in the request parameters.
+
+    Since this view changes how the user will see the rest of the site, it must
+    only be accessed as a POST request. If called as a GET request, it will
+    redirect to the page in the request (the 'next' parameter) without changing
+    any state.
     """
-    lang_code = request.GET.get('language', None)
     next = request.GET.get('next', None)
     if not next:
         next = request.META.get('HTTP_REFERER', None)
     if not next:
         next = '/'
     response = http.HttpResponseRedirect(next)
-    if lang_code and check_for_language(lang_code):
-        if hasattr(request, 'session'):
-            request.session['django_language'] = lang_code
-        else:
-            response.set_cookie('django_language', lang_code)
+    if request.method == 'POST':
+        lang_code = request.POST.get('language', None)
+        if lang_code and check_for_language(lang_code):
+            if hasattr(request, 'session'):
+                request.session['django_language'] = lang_code
+            else:
+                response.set_cookie('django_language', lang_code)
     return response
 
 NullSource = """


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to