def get_outgoing_url(url):
    """
    Bounce a URL off an outgoing URL redirector, such as
    outgoing.prod.mozaws.net.

    Returns one of:

    * `url` unchanged, when settings.REDIRECT_URL is empty, or when the URL's
      netloc equals the redirector's netloc or is listed in
      settings.REDIRECT_URL_ALLOW_LIST;
    * '/', when the scheme is anything other than http or https;
    * '<REDIRECT_URL>/<hex HMAC-SHA256>/<quoted url>' otherwise.
    """
    # NOTE(review): this early return happens before the scheme check below,
    # so with REDIRECT_URL unset every URL, whatever its scheme, is handed
    # back as-is. Confirm callers do not rely on this function for scheme
    # filtering in such deployments.
    if not settings.REDIRECT_URL:
        return url

    # django.utils.http._urlparse is a copy of python's urlparse()
    # "but uses fixed urlsplit() function".
    parts = django_urlparse(url)
    target_netloc = parts.netloc

    # The scheme is tested before the netloc comparison on purpose: a link
    # like javascript://addons.mozilla.org... has a netloc that matches the
    # safe list and would otherwise be returned unchanged (bug 1251023).
    if parts.scheme not in ('http', 'https'):
        return '/'

    # No double-escaping, and some domain names are excluded.
    # Both comparisons are exact matches on the parsed netloc; in urlparse the
    # netloc keeps any userinfo and port, so 'host:443' or 'user@host' does
    # not match a bare 'host' entry and is sent through the redirector.
    if target_netloc == django_urlparse(settings.REDIRECT_URL).netloc:
        return url
    if target_netloc in settings.REDIRECT_URL_ALLOW_LIST:
        return url

    # HTML entities are decoded first, so the MAC is computed over the literal
    # target bytes rather than over the escaped form that was passed in.
    target = force_bytes(jinja2.utils.Markup(url).unescape())
    secret = force_bytes(settings.REDIRECT_SECRET_KEY)
    # Keyed HMAC-SHA256 over the target; presumably the redirector recomputes
    # it to reject links this site did not generate (not visible here).
    signature = hmac.new(
        secret, msg=target, digestmod=hashlib.sha256).hexdigest()

    # Let '&=' through so query params aren't escaped. We probably shouldn't
    # bother to quote the query part at all.
    segments = [
        settings.REDIRECT_URL.rstrip('/'),
        signature,
        quote(target, safe='/&='),
    ]
    return '/'.join(segments)
def get_outgoing_url(url):
    """
    Bounce a URL off an outgoing URL redirector, such as
    outgoing.prod.mozaws.net.

    The URL comes back untouched if no redirector is configured
    (settings.REDIRECT_URL is empty) or if its netloc is the redirector's own
    or appears in settings.REDIRECT_URL_ALLOW_LIST. A scheme other than
    http/https yields '/'. Anything else is rewritten to
    '<REDIRECT_URL>/<hex HMAC-SHA256 of the url>/<quoted url>'.
    """
    if not settings.REDIRECT_URL:
        # NOTE(review): no scheme filtering is applied on this path; the
        # http/https check further down only runs when a redirector is set.
        return url

    # django.utils.http._urlparse is a copy of python's urlparse()
    # "but uses fixed urlsplit() function".
    parsed = django_urlparse(url)
    netloc = parsed.netloc

    # This prevents a link like javascript://addons.mozilla.org...
    # being returned unchanged since the netloc matches the
    # safe list, see bug 1251023. It must stay ahead of the allow-list test.
    scheme_allowed = parsed.scheme in ('http', 'https')
    if not scheme_allowed:
        return '/'

    # No double-escaping, and some domain names are excluded.
    # Matching is by string equality / membership on the full netloc, so an
    # entry only exempts URLs whose netloc is spelled exactly like it.
    if (netloc == django_urlparse(settings.REDIRECT_URL).netloc
            or netloc in settings.REDIRECT_URL_ALLOW_LIST):
        return url

    # Sign the HTML-unescaped bytes of the URL with the shared secret; the
    # same bytes are what gets quoted into the final path segment, so the
    # signature and the embedded URL refer to the same value.
    unescaped = jinja2.utils.Markup(url).unescape()
    payload = force_bytes(unescaped)
    mac = hmac.new(
        force_bytes(settings.REDIRECT_SECRET_KEY),
        msg=payload,
        digestmod=hashlib.sha256,
    )
    digest = mac.hexdigest()

    # Let '&=' through so query params aren't escaped. We probably shouldn't
    # bother to quote the query part at all.
    base = settings.REDIRECT_URL.rstrip('/')
    return '/'.join([base, digest, quote(payload, safe='/&=')])
def urlparams(url_, hash=None, **query):
    """
    Add a fragment and/or query parameters to a URL.

    New query params will be appended to existing parameters, except
    duplicate names, which will be replaced. A keyword whose value is None
    removes that parameter from the result. When `hash` is not None it
    replaces the URL's existing fragment.

    Scheme, netloc, path and params are copied through as parsed; nothing
    here validates or restricts where the URL points, so callers passing
    untrusted URLs need their own check.
    """
    parsed = django_urlparse(force_str(url_))

    if hash is None:
        fragment = parsed.fragment
    else:
        fragment = hash

    # Use dict(parse_qsl) so we don't get lists of values.
    if parsed.query:
        params = dict(parse_qsl(force_str(parsed.query)))
    else:
        params = {}

    # None is kept as a marker here so that it overrides an existing
    # parameter of the same name; it is filtered out just below.
    for name, value in query.items():
        params[name] = value if value is None else force_bytes(value)

    # Values are percent-decoded before urlencode() encodes them again, which
    # avoids double-encoding already-quoted input; a literal '%XX' sequence
    # in a value is therefore decoded as well.
    pairs = []
    for name, value in params.items():
        if value is not None:
            pairs.append((name, unquote_to_bytes(value)))
    query_string = urlencode(pairs)

    rebuilt = ParseResult(
        parsed.scheme,
        parsed.netloc,
        parsed.path,
        parsed.params,
        query_string,
        fragment,
    )
    return rebuilt.geturl()
def urlparams(url_, hash=None, **query):
    """
    Add a fragment and/or query parameters to a URL.

    New query params will be appended to existing parameters, except
    duplicate names, which will be replaced. Passing `name=None` drops
    `name` from the query string; passing `hash` (anything but None)
    overrides the fragment already present on the URL.

    The scheme and netloc of the input are carried over untouched: this
    helper only edits the query and fragment and performs no validation of
    the destination.
    """
    parts = django_urlparse(force_text(url_))
    fragment = parts.fragment if hash is None else hash

    # Use dict(parse_qsl) so we don't get lists of values.
    existing_query = parts.query
    merged = {}
    if existing_query:
        merged = dict(parse_qsl(force_text(existing_query)))

    # Keyword values are coerced to bytes; None is stored as-is so it can
    # shadow an existing parameter and be dropped when the list is built.
    merged.update(
        (key, None if val is None else force_bytes(val))
        for key, val in query.items())

    # unquote_to_bytes() undoes any percent-encoding on each value before
    # urlencode() applies it once, so pre-quoted values are not quoted twice.
    encodable = [
        (key, unquote_to_bytes(val))
        for key, val in merged.items()
        if val is not None
    ]
    query_string = urlencode(encodable)

    return ParseResult(
        parts.scheme, parts.netloc, parts.path, parts.params,
        query_string, fragment).geturl()