From 43cff22950a638a69d4f0ad0036ed034815c8f6c Mon Sep 17 00:00:00 2001
From: Olivier Dony <odo@openerp.com>
Date: Mon, 25 Jul 2016 11:42:45 +0200
Subject: [PATCH] [FIX] base: fix broken URLs when redirecting

Similarly to werkzeug.urls.url_fix(), attempt to
correct some leftover special characters that
should have been URL-encoded.

We cannot actually use `werkzeug.urls.url_fix` or
`werkzeug.urls.url_quote`, as they expect more/most
characters to be un-encoded.
We have many existing cases where the redirect URL is
already fully encoded or mostly encoded, and those
functions would cause double-encoding, breaking the
final URL.
---
 openerp/http.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/openerp/http.py b/openerp/http.py
index 3c4bf69b62a..5b85c07efff 100644
--- a/openerp/http.py
+++ b/openerp/http.py
@@ -160,6 +160,7 @@ def redirect_with_hash(url, code=303):
     # See extensive test page at http://greenbytes.de/tech/tc/httpredirects/
     if request.httprequest.user_agent.browser in ('firefox',):
         return werkzeug.utils.redirect(url, code)
+    url = url.replace("'", "%27").replace("<", "%3C")
     return "<html><head><script>window.location = '%s' + location.hash;</script></head></html>" % url
 
 class WebRequest(object):