def get_outgoing_url(url):
"""
Bounce a URL off an outgoing URL redirector, such as
outgoing.prod.mozaws.net.
"""
if not settings.REDIRECT_URL:
return url
# django.utils.http._urlparse is a copy of python's urlparse()
# "but uses fixed urlsplit() function".
parsed_url = django_urlparse(url)
url_netloc = parsed_url.netloc
# This prevents a link like javascript://addons.mozilla.org...
# being returned unchanged since the netloc matches the
# safe list see bug 1251023
if parsed_url.scheme not in ['http', 'https']:
return '/'
# No double-escaping, and some domain names are excluded.
if (url_netloc == django_urlparse(settings.REDIRECT_URL).netloc
or url_netloc in settings.REDIRECT_URL_ALLOW_LIST):
return url
url = force_bytes(jinja2.utils.Markup(url).unescape())
sig = hmac.new(force_bytes(settings.REDIRECT_SECRET_KEY),
msg=url,
digestmod=hashlib.sha256).hexdigest()
# Let '&=' through so query params aren't escaped. We probably shouldn't
# bother to quote the query part at all.
return '/'.join(
[settings.REDIRECT_URL.rstrip('/'), sig,
quote(url, safe='/&=')])
def get_outgoing_url(url):
"""
Bounce a URL off an outgoing URL redirector, such as
outgoing.prod.mozaws.net.
"""
if not settings.REDIRECT_URL:
return url
# django.utils.http._urlparse is a copy of python's urlparse()
# "but uses fixed urlsplit() function".
parsed_url = django_urlparse(url)
url_netloc = parsed_url.netloc
# This prevents a link like javascript://addons.mozilla.org...
# being returned unchanged since the netloc matches the
# safe list see bug 1251023
if parsed_url.scheme not in ['http', 'https']:
return '/'
# No double-escaping, and some domain names are excluded.
if (url_netloc == django_urlparse(settings.REDIRECT_URL).netloc or
url_netloc in settings.REDIRECT_URL_ALLOW_LIST):
return url
url = force_bytes(jinja2.utils.Markup(url).unescape())
sig = hmac.new(force_bytes(settings.REDIRECT_SECRET_KEY),
msg=url, digestmod=hashlib.sha256).hexdigest()
# Let '&=' through so query params aren't escaped. We probably shouldn't
# bother to quote the query part at all.
return '/'.join([settings.REDIRECT_URL.rstrip('/'), sig,
quote(url, safe='/&=')])
def urlparams(url_, hash=None, **query):
"""
Add a fragment and/or query parameters to a URL.
New query params will be appended to existing parameters, except duplicate
names, which will be replaced.
"""
url = django_urlparse(force_str(url_))
fragment = hash if hash is not None else url.fragment
# Use dict(parse_qsl) so we don't get lists of values.
query_dict = dict(parse_qsl(force_str(url.query))) if url.query else {}
query_dict.update(
(k, force_bytes(v) if v is not None else v) for k, v in query.items())
query_string = urlencode([(k, unquote_to_bytes(v))
for k, v in query_dict.items() if v is not None])
result = ParseResult(url.scheme, url.netloc, url.path, url.params,
query_string, fragment)
return result.geturl()
def urlparams(url_, hash=None, **query):
"""
Add a fragment and/or query parameters to a URL.
New query params will be appended to existing parameters, except duplicate
names, which will be replaced.
"""
url = django_urlparse(force_text(url_))
fragment = hash if hash is not None else url.fragment
# Use dict(parse_qsl) so we don't get lists of values.
q = url.query
query_dict = dict(parse_qsl(force_text(q))) if q else {}
query_dict.update(
(k, force_bytes(v) if v is not None else v) for k, v in query.items())
query_string = urlencode(
[(k, unquote_to_bytes(v))
for k, v in query_dict.items() if v is not None])
new = ParseResult(url.scheme, url.netloc, url.path, url.params,
query_string, fragment)
return new.geturl()
