def root(self, request, url):
    """
    DEPRECATED legacy dispatcher for admin URLs.

    Superseded by real URL resolution through ``get_urls()``. It is kept only
    for backwards-compatibility and will be removed in Django 1.3.

    ``url`` is the portion of the request path handled by the admin. Apart
    from ``logout``, every view below is reached only after
    ``self.has_permission(request)`` has passed; otherwise the login view is
    returned instead.
    """
    import warnings
    warnings.warn(
        "AdminSite.root() is deprecated; use include(admin.site.urls) instead.",
        DeprecationWarning
    )

    # Backwards-compatibility only: new or changed URLs belong in get_urls().

    # Put GET requests onto a trailing-slash path. This redirect is issued
    # before the permission check further down.
    # NOTE(review): the target is built from request.path; confirm that a path
    # beginning with '//' cannot be read by clients as a scheme-relative URL.
    needs_slash = request.method == 'GET' and not request.path.endswith('/')
    if needs_slash:
        return http.HttpResponseRedirect(request.path + '/')

    if settings.DEBUG:
        self.check_dependencies()

    # Stash the admin base path: request.path with the trailing ``url`` removed.
    # NOTE(review): this writes per-request state onto self; if the site object
    # is shared between concurrent requests, confirm that is acceptable.
    suffix_pattern = re.escape(url) + '$'
    self.root_path = re.sub(suffix_pattern, '', request.path)

    url = url.rstrip('/')  # Drop a trailing slash, if present.

    # Logout is deliberately reachable without being logged in.
    if url == 'logout':
        return self.logout(request)

    # Everything past this point requires permission; show the login form
    # otherwise.
    if not self.has_permission(request):
        return self.login(request)

    # Fixed admin pages, keyed by URL, naming the method that serves each one.
    fixed_views = {
        '': 'index',
        'password_change': 'password_change',
        'password_change/done': 'password_change_done',
        'jsi18n': 'i18n_javascript',
    }
    view_name = fixed_views.get(url)
    if view_name is not None:
        return getattr(self, view_name)(request)

    # 'r/...' serves the "View on site" links. Every remaining path segment is
    # forwarded to shortcut() as a positional argument.
    if url.startswith('r/'):
        from django.contrib.contenttypes.views import shortcut
        return shortcut(request, *url.split('/')[1:])

    if '/' in url:
        # At most three pieces are passed on to model_page().
        return self.model_page(request, *url.split('/', 2))
    else:
        return self.app_index(request, url)

    # Kept from the original; every path above returns, so this is not reached.
    raise http.Http404('The requested admin page does not exist.')
def root(self, request, url):
    """
    DEPRECATED legacy dispatcher for admin URLs.

    Superseded by real URL resolution through ``get_urls()``. It is kept only
    for backwards-compatibility and will be removed in Django 1.3.

    ``url`` is the portion of the request path handled by the admin. Apart
    from ``logout``, every view below is reached only after
    ``self.has_permission(request)`` has passed; otherwise the login view is
    returned instead.
    """
    import warnings
    warnings.warn(
        "AdminSite.root() is deprecated; use include(admin.site.urls) instead.",
        PendingDeprecationWarning
    )

    # Backwards-compatibility only: new or changed URLs belong in get_urls().

    # Put GET requests onto a trailing-slash path. This redirect is issued
    # before the permission check further down.
    # NOTE(review): the target is built from request.path; confirm that a path
    # beginning with '//' cannot be read by clients as a scheme-relative URL.
    needs_slash = request.method == 'GET' and not request.path.endswith('/')
    if needs_slash:
        return http.HttpResponseRedirect(request.path + '/')

    if settings.DEBUG:
        self.check_dependencies()

    # Stash the admin base path: request.path with the trailing ``url`` removed.
    # NOTE(review): this writes per-request state onto self; if the site object
    # is shared between concurrent requests, confirm that is acceptable.
    suffix_pattern = re.escape(url) + '$'
    self.root_path = re.sub(suffix_pattern, '', request.path)

    url = url.rstrip('/')  # Drop a trailing slash, if present.

    # Logout is deliberately reachable without being logged in.
    if url == 'logout':
        return self.logout(request)

    # Everything past this point requires permission; show the login form
    # otherwise.
    if not self.has_permission(request):
        return self.login(request)

    # Fixed admin pages, keyed by URL, naming the method that serves each one.
    fixed_views = {
        '': 'index',
        'password_change': 'password_change',
        'password_change/done': 'password_change_done',
        'jsi18n': 'i18n_javascript',
    }
    view_name = fixed_views.get(url)
    if view_name is not None:
        return getattr(self, view_name)(request)

    # 'r/...' serves the "View on site" links. Every remaining path segment is
    # forwarded to shortcut() as a positional argument.
    if url.startswith('r/'):
        from django.contrib.contenttypes.views import shortcut
        return shortcut(request, *url.split('/')[1:])

    if '/' in url:
        # At most three pieces are passed on to model_page().
        return self.model_page(request, *url.split('/', 2))
    else:
        return self.app_index(request, url)

    # Kept from the original; every path above returns, so this is not reached.
    raise http.Http404('The requested admin page does not exist.')
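def _fetch_url(url):
    """
    Download ``url`` over HTTP(S) and return the response body.

    A value containing no ``://`` is treated as scheme-less and has
    ``http://`` prepended. Any other explicit scheme is rejected.

    Raises:
        ServiceError: if the scheme is not http/https, if the request fails,
            or if the response status is not 200.
    """
    if not url.startswith(('http://', 'https://')):
        if '://' in url:
            # Allow-list the scheme rather than block-listing: this must at
            # least keep file:// out.
            raise ServiceError("Only http/https links allowed")
        url = 'http://' + url

    # NOTE(review): only the scheme is restricted here. The destination host
    # is not checked, urllib2's default opener follows redirects, no timeout
    # is passed and read() is unbounded. If ``url`` comes from users and this
    # runs where internal services are reachable, confirm the caller (or the
    # network) restricts destinations and response size.
    try:
        url_request = urllib2.Request(url)
        url_response = urllib2.urlopen(url_request)
    except (IOError, httplib.HTTPException, UnicodeEncodeError):
        raise ServiceError("Unable to download image.")

    # Close the response on every path so the connection is not left open
    # when the status check fails or read() raises.
    try:
        if url_response.getcode() != 200:
            raise ServiceError("The requested image could not be downloaded. Please try a different image.")
        return url_response.read()
    finally:
        url_response.close()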
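def _fetch_url(url):
    """
    Download ``url`` over HTTP(S) and return the response body.

    A value containing no ``://`` is treated as scheme-less and has
    ``http://`` prepended. Any other explicit scheme is rejected.

    Raises:
        ServiceError: if the scheme is not http/https, if the request fails,
            or if the response status is not 200.
    """
    if not url.startswith(('http://', 'https://')):
        if '://' in url:
            # Allow-list the scheme rather than block-listing: this must at
            # least keep file:// out.
            raise ServiceError("Only http/https links allowed")
        url = 'http://' + url

    # NOTE(review): only the scheme is restricted here. The destination host
    # is not checked, urllib2's default opener follows redirects, no timeout
    # is passed and read() is unbounded. If ``url`` comes from users and this
    # runs where internal services are reachable, confirm the caller (or the
    # network) restricts destinations and response size.
    try:
        url_request = urllib2.Request(url)
        url_response = urllib2.urlopen(url_request)
    except (IOError, httplib.HTTPException, UnicodeEncodeError):
        raise ServiceError("Unable to download image.")

    # Close the response on every path so the connection is not left open
    # when the status check fails or read() raises.
    try:
        if url_response.getcode() != 200:
            raise ServiceError(
                "The requested image could not be downloaded. Please try a different image."
            )
        return url_response.read()
    finally:
        url_response.close()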
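def verify_first_party_url(url):
    """
    Raise ServiceError unless ``url`` is a first-party share target.

    Accepted values are a local path beginning with a single ``/``, or an
    http/https URL whose network location is exactly one of the allowed
    domains. Also allows iTunes store URLs.

    Raises:
        ServiceError: for an empty value and for anything not accepted above.
    """
    if not url:
        # Fail with the service's own error rather than handing an empty
        # value or None to the URL parser.
        raise ServiceError("Invalid share url.")

    # A leading '//' (or '/\', which browsers commonly treat the same way) is
    # a scheme-relative reference to another host, not a local path. It must
    # go through the host check below instead of being accepted as relative.
    is_local_path = url.startswith('/') and not url.startswith(('//', '/\\'))
    if is_local_path:
        return

    parsed_url = urlparse.urlparse(url)
    try:
        protocol = parsed_url[0]
        domain = parsed_url[1]
    except IndexError:
        raise ServiceError("Invalid share url.")
    # ``domain`` is the whole network location and is compared exactly, so a
    # value carrying a port or userinfo does not match the allow-list.
    if protocol not in ['http', 'https'] or domain not in ['itunes.apple.com', 'example.com']:
        # Only 1st party redirects, to avoid security holes that 3rd party redirects imply
        raise ServiceError("Invalid share url.")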
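def verify_first_party_url(url):
    """
    Raise ServiceError unless ``url`` is a first-party share target.

    Accepted values are a local path beginning with a single ``/``, or an
    http/https URL whose network location is exactly one of the allowed
    domains. Also allows iTunes store URLs.

    Raises:
        ServiceError: for an empty value and for anything not accepted above.
    """
    if not url:
        # Fail with the service's own error rather than handing an empty
        # value or None to the URL parser.
        raise ServiceError("Invalid share url.")

    # A leading "//" (or "/\", which browsers commonly treat the same way) is
    # a scheme-relative reference to another host, not a local path. It must
    # go through the host check below instead of being accepted as relative.
    is_local_path = url.startswith("/") and not url.startswith(("//", "/\\"))
    if is_local_path:
        return

    parsed_url = urlparse.urlparse(url)
    try:
        protocol = parsed_url[0]
        domain = parsed_url[1]
    except IndexError:
        raise ServiceError("Invalid share url.")
    # ``domain`` is the whole network location and is compared exactly, so a
    # value carrying a port or userinfo does not match the allow-list.
    if protocol not in ["http", "https"] or domain not in ["itunes.apple.com", "example.com"]:
        # Only 1st party redirects, to avoid security holes that 3rd party redirects imply
        raise ServiceError("Invalid share url.")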
def ensure_absolute_url(self, request, url):
    """
    Return ``url`` as an absolute URL.

    A value that already starts with ``http://`` or ``https://`` is returned
    unchanged. Anything else is resolved with
    ``request.build_absolute_uri``. Only the prefix is inspected here; the
    target host is not validated.
    """
    already_absolute = url.startswith(('http://', 'https://'))
    if already_absolute:
        return url
    return request.build_absolute_uri(url)