From b58103bee698d8e1aceeeccdbc34d6d2adb32abf Mon Sep 17 00:00:00 2001 From: Jon Massey Date: Mon, 30 Sep 2024 16:40:53 +0100 Subject: [PATCH 1/2] Test for redirects with wildcards in path --- tests/unit/redirects/test_middleware.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/unit/redirects/test_middleware.py b/tests/unit/redirects/test_middleware.py index ebd0faf7f..c6edf6520 100644 --- a/tests/unit/redirects/test_middleware.py +++ b/tests/unit/redirects/test_middleware.py @@ -39,3 +39,16 @@ def test_redirectsmiddleware_unknown_url(rf): response = RedirectsMiddleware(get_response)(request) assert response == "no match" + + +def test_redirect_with_wildcard_in_path(rf): + w1 = WorkspaceFactory() + w2 = WorkspaceFactory() + RedirectFactory(old_url="/abc/123/test_workspace/", workspace=w1) + RedirectFactory(old_url="/abc/123/test-workspace/", workspace=w2) + + request = rf.get("/abc/123/test-workspace/") + + response = RedirectsMiddleware(get_response)(request) + + assert response.url == w2.get_absolute_url() From 5fe99ae83c785d491187f831e07f8174d4391bca Mon Sep 17 00:00:00 2001 From: Jon Massey Date: Mon, 30 Sep 2024 16:52:08 +0100 Subject: [PATCH 2/2] Use pure Django query to find redirects We allow underscores in project and workspace names. When finding redirects, we search for redirects whose `old_url` is at the beginning of the requested URL. Previous approaches hand-constructed the SQL WHERE clause with a LIKE operator which was buggy due to underscores being LIKE wildcards. With this approach, Django generates the WHERE clause with all the necessary escaping of characters in `old_url` that could be interpreted as wildcards. Co-authored-by: Mike Kelly --- redirects/middleware.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/redirects/middleware.py b/redirects/middleware.py index 8f957d1af..7e8546b72 100644 --- a/redirects/middleware.py +++ b/redirects/middleware.py @@ -1,3 +1,4 @@ +from django.db.models import CharField, F, Value from django.db.models.functions import Length from django.shortcuts import redirect @@ -27,11 +28,11 @@ def __call__(self, request): # look for a direct or prefix match on the current URL redirection = ( - Redirect.objects.extra( - where=["%s LIKE concat(old_url, '%%')"], - params=[request.path], + Redirect.objects.annotate( + url_length=Length("old_url"), + request_url=Value(request.path, output_field=CharField()), ) - .annotate(url_length=Length("old_url")) + .filter(request_url__startswith=F("old_url")) .order_by("-url_length") .first() )