def root(self, request, url):
"""
DEPRECATED. This function is the old way of handling URL resolution, and
is deprecated in favor of real URL resolution -- see ``get_urls()``.
This function still exists for backwards-compatibility; it will be
removed in Django 1.3.
"""
import warnings
warnings.warn(
"AdminSite.root() is deprecated; use include(admin.site.urls) instead.",
DeprecationWarning
)
#
# Again, remember that the following only exists for
# backwards-compatibility. Any new URLs, changes to existing URLs, or
# whatever need to be done up in get_urls(), above!
#
if request.method == 'GET' and not request.path.endswith('/'):
return http.HttpResponseRedirect(request.path + '/')
if settings.DEBUG:
self.check_dependencies()
# Figure out the admin base URL path and stash it for later use
self.root_path = re.sub(re.escape(url) + '$', '', request.path)
url = url.rstrip('/') # Trim trailing slash, if it exists.
# The 'logout' view doesn't require that the person is logged in.
if url == 'logout':
return self.logout(request)
# Check permission to continue or display login form.
if not self.has_permission(request):
return self.login(request)
if url == '':
return self.index(request)
elif url == 'password_change':
return self.password_change(request)
elif url == 'password_change/done':
return self.password_change_done(request)
elif url == 'jsi18n':
return self.i18n_javascript(request)
# URLs starting with 'r/' are for the "View on site" links.
elif url.startswith('r/'):
from django.contrib.contenttypes.views import shortcut
return shortcut(request, *url.split('/')[1:])
else:
if '/' in url:
return self.model_page(request, *url.split('/', 2))
else:
return self.app_index(request, url)
raise http.Http404('The requested admin page does not exist.')
def root(self, request, url):
"""
DEPRECATED. This function is the old way of handling URL resolution, and
is deprecated in favor of real URL resolution -- see ``get_urls()``.
This function still exists for backwards-compatibility; it will be
removed in Django 1.3.
"""
import warnings
warnings.warn(
"AdminSite.root() is deprecated; use include(admin.site.urls) instead.",
PendingDeprecationWarning
)
#
# Again, remember that the following only exists for
# backwards-compatibility. Any new URLs, changes to existing URLs, or
# whatever need to be done up in get_urls(), above!
#
if request.method == 'GET' and not request.path.endswith('/'):
return http.HttpResponseRedirect(request.path + '/')
if settings.DEBUG:
self.check_dependencies()
# Figure out the admin base URL path and stash it for later use
self.root_path = re.sub(re.escape(url) + '$', '', request.path)
url = url.rstrip('/') # Trim trailing slash, if it exists.
# The 'logout' view doesn't require that the person is logged in.
if url == 'logout':
return self.logout(request)
# Check permission to continue or display login form.
if not self.has_permission(request):
return self.login(request)
if url == '':
return self.index(request)
elif url == 'password_change':
return self.password_change(request)
elif url == 'password_change/done':
return self.password_change_done(request)
elif url == 'jsi18n':
return self.i18n_javascript(request)
# URLs starting with 'r/' are for the "View on site" links.
elif url.startswith('r/'):
from django.contrib.contenttypes.views import shortcut
return shortcut(request, *url.split('/')[1:])
else:
if '/' in url:
return self.model_page(request, *url.split('/', 2))
else:
return self.app_index(request, url)
raise http.Http404('The requested admin page does not exist.')
def _fetch_url(url):
if not url.startswith('http://') and not url.startswith('https://'):
if '://' not in url:
url = 'http://' + url
else:
# Must at least prevent file://, better to whitelist than blacklist
raise ServiceError("Only http/https links allowed")
try:
url_request = urllib2.Request(url)
url_response = urllib2.urlopen(url_request)
except (IOError, httplib.HTTPException, UnicodeEncodeError):
raise ServiceError("Unable to download image.")
if url_response.getcode() != 200:
raise ServiceError("The requested image could not be downloaded. Please try a different image.")
else:
return url_response.read()
def _fetch_url(url):
if not url.startswith('http://') and not url.startswith('https://'):
if '://' not in url:
url = 'http://' + url
else:
# Must at least prevent file://, better to whitelist than blacklist
raise ServiceError("Only http/https links allowed")
try:
url_request = urllib2.Request(url)
url_response = urllib2.urlopen(url_request)
except (IOError, httplib.HTTPException, UnicodeEncodeError):
raise ServiceError("Unable to download image.")
if url_response.getcode() != 200:
raise ServiceError(
"The requested image could not be downloaded. Please try a different image."
)
else:
return url_response.read()
def verify_first_party_url(url):
"""
Also allows iTunes store URLs.
"""
if not url or not url.startswith('/'):
parsed_url = urlparse.urlparse(url)
try:
protocol = parsed_url[0]
domain = parsed_url[1]
except IndexError:
raise ServiceError("Invalid share url.")
if protocol not in ['http', 'https'] or domain not in ['itunes.apple.com', 'example.com']:
# Only 1st party redirects, to avoid security holes that 3rd party redirects imply
raise ServiceError("Invalid share url.")
def verify_first_party_url(url):
"""
Also allows iTunes store URLs.
"""
if not url or not url.startswith("/"):
parsed_url = urlparse.urlparse(url)
try:
protocol = parsed_url[0]
domain = parsed_url[1]
except IndexError:
raise ServiceError("Invalid share url.")
if protocol not in ["http", "https"] or domain not in ["itunes.apple.com", "example.com"]:
# Only 1st party redirects, to avoid security holes that 3rd party redirects imply
raise ServiceError("Invalid share url.")
def ensure_absolute_url(self, request, url):
if not (url.startswith('http://') or url.startswith('https://')):
url = request.build_absolute_uri(url)
return url
def ensure_absolute_url(self, request, url):
if not (url.startswith('http://') or url.startswith('https://')):
url = request.build_absolute_uri(url)
return url
