本文整理汇总了Python中django.utils.http.is_safe_url方法的典型用法代码示例。如果您正苦于以下问题:Python http.is_safe_url方法的具体用法?Python http.is_safe_url怎么用?Python http.is_safe_url使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类django.utils.http的用法示例。
在下文中一共展示了http.is_safe_url方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_return_url
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def get_return_url(self, request, obj=None):
    """Pick the URL to send the user to once the view has finished.

    Candidates are tried in order: a ``return_url`` request parameter that
    passes ``is_safe_url``, the object's own absolute URL, the view's
    ``default_return_url``, and finally the ``home`` route.
    """
    # A caller-supplied target comes straight from the request, so it is only
    # honoured when is_safe_url() accepts it for the current host.
    # NOTE(review): require_https is not passed here, so the check does not
    # insist on an https:// target even when the request arrived over HTTPS.
    requested = request.GET.get("return_url") or request.POST.get("return_url")
    if requested and is_safe_url(url=requested, allowed_hosts=request.get_host()):
        return requested

    # A saved object that knows its own URL is the next best destination.
    if obj is not None and obj.pk and hasattr(obj, "get_absolute_url"):
        return obj.get_absolute_url()

    # Otherwise use the view-level default when one is configured.
    if self.default_return_url is not None:
        return reverse(self.default_return_url)

    # Last resort; not expected to be reached in practice.
    return reverse("home")
示例2: set_user_language
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def set_user_language(request):
    """Record the user's language choice and redirect to a validated URL.

    The redirect target is taken from the ``next`` request parameter, then
    from the ``Referer`` header, and finally falls back to ``/``; each
    candidate must pass ``is_safe_url`` for the current host before it is
    used.
    """
    # NOTE(review): this listing lost its indentation; the nesting below is a
    # reconstruction and should be confirmed against the original project.
    # request.REQUEST (merged GET/POST data) only exists on older Django
    # releases.
    next = request.REQUEST.get('next')
    if not is_safe_url(url=next, host=request.get_host()):
        # The Referer header is client-supplied, so it gets the same check.
        next = request.META.get('HTTP_REFERER')
        if not is_safe_url(url=next, host=request.get_host()):
            next = '/'
    response = HttpResponseRedirect(next)
    if request.method == 'POST':
        lang_code = request.POST.get('language', None)
        # Substring test on the whole URL, not a parsed query-string lookup.
        if 'ref' not in next:
            # Only the path component of the posted referrer is kept, and it
            # is appended to the already-validated target without
            # URL-encoding.
            # NOTE(review): if `next` already carries a query string the
            # result contains a second '?' -- confirm this is intended.
            ref = urlparse(request.POST.get('referrer', next))
            response = HttpResponseRedirect('?ref='.join([next, ref.path]))
        if lang_code and check_for_language(lang_code):
            # Prefer the session; fall back to a cookie when the request has
            # no session attribute.
            if hasattr(request, 'session'):
                request.session['django_language'] = lang_code
            else:
                response.set_cookie(settings.LANGUAGE_COOKIE_NAME, lang_code)
            # Persist the choice on the profile of a logged-in user.
            # is_authenticated is called as a method here (older Django API).
            user = request.user
            if user.is_authenticated():
                user_profile = user.profile
                user_profile.language = lang_code
                user_profile.save()
    return response
示例3: get_next_page
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def get_next_page(self):
    """Return the post-logout redirect target, or ``None`` if there is none.

    A configured ``next_page`` or ``settings.LOGOUT_REDIRECT_URL`` is the
    starting point. A value submitted in the request under
    ``redirect_field_name`` overrides it, but only when ``is_safe_url``
    accepts it; otherwise the current request path is used.
    """
    request = self.request
    field = self.redirect_field_name

    if self.next_page is not None:
        target = resolve_url(self.next_page)
    elif settings.LOGOUT_REDIRECT_URL:
        target = resolve_url(settings.LOGOUT_REDIRECT_URL)
    else:
        target = self.next_page

    if field in request.POST or field in request.GET:
        # POST takes precedence over the query string.
        target = request.POST.get(field, request.GET.get(field))
        # The submitted value is user-controlled: restrict it to the allowed
        # hosts and, on a secure request, to HTTPS.
        if not is_safe_url(
            url=target,
            allowed_hosts=self.get_success_url_allowed_hosts(),
            require_https=request.is_secure(),
        ):
            target = request.path
    return target
示例4: dispatch
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def dispatch(self, request):
    """Handle the sudo prompt: redirect, grant privileges, or render the form.

    The redirect target comes from the query string and is replaced by
    ``REDIRECT_URL`` when ``is_safe_url`` rejects it for the current host.
    """
    target = request.GET.get(REDIRECT_FIELD_NAME, REDIRECT_URL)

    # Never bounce the user to another site.
    # NOTE(review): `host=` is the older keyword of is_safe_url; later Django
    # releases spell it `allowed_hosts=` -- confirm the targeted version.
    if not is_safe_url(url=target, host=request.get_host()):
        target = resolve_url(REDIRECT_URL)

    # Already elevated: nothing to ask, go straight to the target.
    if request.is_sudo():
        return HttpResponseRedirect(target)

    # Remember the validated target in the session on the initial GET.
    if request.method == "GET":
        request.session[REDIRECT_TO_FIELD_NAME] = target

    form = self.form_class(request.user, request.POST or None)
    context = {"form": form, "request": request, REDIRECT_FIELD_NAME: target}

    if self.handle_sudo(request, target, context):
        return self.grant_sudo_privileges(request, target)

    if self.extra_context is not None:
        context.update(self.extra_context)
    return TemplateResponse(request, self.template_name, context)
示例5: form_valid
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def form_valid(self, form):
    """Log the user in and redirect to a validated target.

    The submitted redirect value is used only when ``is_safe_url`` accepts
    it for the current host (and for HTTPS on a secure request); otherwise
    the user is sent to ``settings.LOGIN_REDIRECT_URL``.
    """
    request = self.request
    session = request.session

    # The test cookie has served its purpose once it is known to work.
    if session.test_cookie_worked():
        session.delete_test_cookie()

    # Without "remember me" the session is set to expire with the browser;
    # otherwise Django's SESSION_COOKIE_AGE setting applies.
    if settings.USE_REMEMBER_ME and not form.cleaned_data['remember_me']:
        session.set_expiry(0)

    login(request, form.user_cache)

    # POST takes precedence over the query string.
    redirect_to = request.POST.get(REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME))
    url_is_safe = is_safe_url(
        redirect_to,
        allowed_hosts=request.get_host(),
        require_https=request.is_secure(),
    )
    return redirect(redirect_to if url_is_safe else settings.LOGIN_REDIRECT_URL)
示例6: task_status
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def task_status(request, task_id):
    """Show a task's status, or redirect once the task has succeeded.

    ``task_id`` must parse as a UUID (404 otherwise). The ``redirect`` query
    parameter is discarded unless ``is_safe_url`` accepts it for the current
    host.
    """
    # Reject anything that is not a well-formed UUID before looking it up.
    try:
        UUID(task_id)
    except ValueError:
        raise Http404()

    # User-supplied redirect target: keep it only if it stays on this host.
    target = request.GET.get('redirect')
    if not is_safe_url(target, allowed_hosts={request.get_host()}):
        target = None

    status = get_task_status(task_id)
    if status['code'] == 'SUCCESS' and target:
        return HttpResponseRedirect(target)

    # NOTE(review): `message` is passed from the query string to the template
    # unchanged; how the template escapes it is not visible here.
    context = {
        'task_id': task_id,
        'task_status': json.dumps(status),
        'message': request.GET.get('message', ''),
        'redirect': target or '',
    }
    return render(request, 'task_status.html', context)
示例7: user_login
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
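def user_login(request):
    """Log a user in and redirect to a validated target.

    The redirect target is read from POST, then GET, under
    ``REDIRECT_FIELD_NAME``. It is used only when ``is_safe_url`` accepts it
    for the current host; an empty or rejected value is replaced by
    ``settings.LOGIN_REDIRECT_URL``. An invalid login form re-renders
    ``index.html`` with the bound form.
    """
    redirect_to = request.POST.get(REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME, ''))
    login_form = AuthenticationForm(request, data=request.POST)
    if not login_form.is_valid():
        return render(request, 'index.html', {'login_form': login_form, 'display': 'block', 'active': 'login'})

    # Validate the submitted value itself. Checking the constant
    # REDIRECT_FIELD_NAME (the parameter's *name*) would always pass and let
    # any user-supplied URL through as the redirect target.
    if not redirect_to or not is_safe_url(url=redirect_to, host=request.get_host()):
        redirect_to = settings.LOGIN_REDIRECT_URL

    # Security check complete; log the user in.
    auth_login(request, login_form.get_user())
    return redirect(redirect_to)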
示例8: lock
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def lock(request, page_id):
    """Lock a page for editing, then redirect.

    Raises ``PermissionDenied`` when the user may not lock the page. The
    POSTed ``next`` value is followed only if ``is_safe_url`` accepts it for
    the current host; otherwise the parent page's explorer view is used.
    """
    page = get_object_or_404(Page, id=page_id).specific

    # Authorisation comes before any state change.
    if not page.permissions_for_user(request.user).can_lock():
        raise PermissionDenied

    # Only write when the page is not locked yet.
    if not page.locked:
        page.locked = True
        page.locked_by = request.user
        page.locked_at = timezone.now()
        page.save()

    # Follow the caller's target only when it stays on this host.
    target = request.POST.get('next', None)
    if target and is_safe_url(url=target, allowed_hosts={request.get_host()}):
        return redirect(target)
    return redirect('wagtailadmin_explore', page.get_parent().id)
示例9: unlock
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def unlock(request, page_id):
    """Unlock a page, then redirect.

    Raises ``PermissionDenied`` when the user may not unlock the page. The
    POSTed ``next`` value is followed only if ``is_safe_url`` accepts it for
    the current host; otherwise the parent page's explorer view is used.
    """
    page = get_object_or_404(Page, id=page_id).specific

    # Authorisation comes before any state change.
    if not page.permissions_for_user(request.user).can_unlock():
        raise PermissionDenied

    # NOTE(review): the listing lost its indentation; the success message is
    # placed inside this branch as a reconstruction -- confirm upstream.
    if page.locked:
        page.locked = False
        page.locked_by = None
        page.locked_at = None
        page.save()
        messages.success(request, _("Page '{0}' is now unlocked.").format(page.get_admin_display_title()), extra_tags='unlock')

    # Follow the caller's target only when it stays on this host.
    target = request.POST.get('next', None)
    if target and is_safe_url(url=target, allowed_hosts={request.get_host()}):
        return redirect(target)
    return redirect('wagtailadmin_explore', page.get_parent().id)
示例10: post
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def post(self, request, *args, **kwargs):
    """Start a login session with the realm's backend and redirect to it.

    A POSTed ``next`` value is handed to the login callback only when
    ``is_safe_url`` accepts it for the current host (and for HTTPS on a
    secure request). Raises ``ValueError`` when the backend returns an empty
    redirect URL.
    """
    realm = get_object_or_404(Realm, pk=kwargs["pk"], enabled_for_login=True)
    callback = "realms.utils.login_callback"

    # Forward the post-login target only after it has been validated.
    callback_kwargs = {}
    next_url = request.POST.get("next")
    if next_url and is_safe_url(
        url=next_url,
        allowed_hosts={request.get_host()},
        require_https=request.is_secure(),
    ):
        callback_kwargs["next_url"] = next_url

    try:
        redirect_url = realm.backend_instance.initialize_session(callback, **callback_kwargs)
    except Exception:
        logger.exception("Could not get realm %s redirect URL", realm.pk)
        # NOTE(review): after a backend failure this method returns None, so
        # no response object is produced in this block.
        return None

    if not redirect_url:
        raise ValueError("Empty realm {} redirect URL".format(realm.pk))
    return HttpResponseRedirect(redirect_url)
示例11: set_language
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def set_language(request):
    """
    Set the chosen language in the session or a cookie and redirect.

    The redirect target is the ``next`` request parameter, then the
    ``Referer`` header, then ``/``; each candidate must pass ``is_safe_url``
    for the current host. The language is changed on POST only; a GET
    request just redirects without touching any state.
    """
    # request.REQUEST (merged GET/POST data) only exists on older Django
    # releases.
    target = request.REQUEST.get('next')
    if not is_safe_url(url=target, host=request.get_host()):
        # The Referer header is client-supplied, so it gets the same check.
        target = request.META.get('HTTP_REFERER')
        if not is_safe_url(url=target, host=request.get_host()):
            target = '/'

    response = http.HttpResponseRedirect(target)
    if request.method != 'POST':
        return response

    lang_code = request.POST.get('language', None)
    if lang_code and check_for_language(lang_code):
        # Prefer the session; fall back to a cookie when the request has no
        # session attribute.
        if hasattr(request, 'session'):
            request.session['django_language'] = lang_code
        else:
            response.set_cookie(settings.LANGUAGE_COOKIE_NAME, lang_code)
    return response
示例12: form_valid
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def form_valid(self, form):
    """Finish single-factor login or hand over to the second-factor step.

    When a second factor is required, the user's pk and backend are stored
    in the session and the browser is redirected to the verification view.
    The submitted redirect value is forwarded to that view only when
    ``is_safe_url`` accepts it for the current host.
    """
    user = form.get_user()
    if not self.requires_two_factor(user):
        # no keys registered, use single-factor auth
        return super(U2FLoginView, self).form_valid(form)

    request = self.request
    # The user is not logged in yet; only these markers are stored until the
    # second factor has been verified.
    request.session['u2f_pre_verify_user_pk'] = user.pk
    request.session['u2f_pre_verify_user_backend'] = user.backend

    verify_url = reverse('u2f:verify-second-factor')
    redirect_to = request.POST.get(
        auth.REDIRECT_FIELD_NAME,
        request.GET.get(auth.REDIRECT_FIELD_NAME, ''),
    )

    params = {}
    # An unvalidated target is dropped here rather than carried forward.
    if is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
        params[auth.REDIRECT_FIELD_NAME] = redirect_to
    if self.is_admin:
        params['admin'] = 1
    if params:
        verify_url += '?' + urlencode(params)
    return HttpResponseRedirect(verify_url)
示例13: set_locale
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def set_locale(request):
    """
    Set the chosen locale and redirect to a validated ``next`` URL.

    The new locale is read from the request body as ``new_locale``. The
    POSTed ``next`` value (default ``/``) is replaced by ``/`` unless
    ``is_safe_url`` accepts it for the current host, and for HTTPS on a
    secure request.

    Based on `django.views.i18n.set_language`
    """
    target = request.POST.get("next", "/")
    target_is_safe = is_safe_url(
        url=target,
        allowed_hosts={request.get_host()},
        require_https=request.is_secure(),
    )
    if not target_is_safe:
        target = "/"
    response = HttpResponseRedirect(target)

    locale = request.POST.get("new_locale")
    if not is_supported(locale):
        return response

    request.locale_id = locale
    # Save current locale in a cookie.
    set_language_cookie(response, locale)
    # Logged-in users also get the choice stored on their profile.
    if request.user.is_authenticated:
        request.user.user_profile.locale_id = locale
        request.user.user_profile.save(update_fields=["locale_id"])
    return response
示例14: form_valid
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def form_valid(self, form, forms):
    """Complete login after the second factor has been validated.

    A failed second-factor check goes back through ``form_invalid``. On
    success the pre-verification markers are removed from the session, the
    user is logged in, and the browser is redirected to the submitted target
    if ``is_safe_url`` accepts it, else to ``settings.LOGIN_REDIRECT_URL``.
    """
    if not form.validate_second_factor():
        return self.form_invalid(forms)

    request = self.request
    session = request.session

    # The pre-verification markers are no longer needed once the factor has
    # been checked.
    del session['u2f_pre_verify_user_pk']
    del session['u2f_pre_verify_user_backend']
    # Key names are reproduced exactly as the project spells them.
    session['verfied_otp'] = True
    session['verfied_u2f'] = True

    auth.login(request, self.user)

    redirect_to = request.POST.get(
        auth.REDIRECT_FIELD_NAME,
        request.GET.get(auth.REDIRECT_FIELD_NAME, ''),
    )
    # User-supplied target: fall back to the configured URL when rejected.
    if not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
        redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
    return HttpResponseRedirect(redirect_to)
示例15: logout
# 需要导入模块: from django.utils import http [as 别名]
# 或者: from django.utils.http import is_safe_url [as 别名]
def logout(request, next_page=None, redirect_field_name=REDIRECT_FIELD_NAME):
    """
    Log the user out, record the event, and redirect.

    A target submitted under ``redirect_field_name`` overrides ``next_page``
    but is replaced by the current path unless ``is_safe_url`` accepts it
    for the current host. With no target at all the user is sent to ``/``.
    """
    # The audit record is written before auth_logout(), while request.user
    # still refers to the user who is logging out.
    Message.objects.create(type=u'用户退出', user=request.user, action=u'用户退出', action_ip=UserIP(request),
                           content='用户退出 %s' % request.user)
    auth_logout(request)

    if next_page is not None:
        next_page = resolve_url(next_page)

    submitted = redirect_field_name in request.POST or redirect_field_name in request.GET
    if submitted:
        # POST takes precedence over the query string.
        next_page = request.POST.get(redirect_field_name,
                                     request.GET.get(redirect_field_name))
        # Security check -- never redirect to a different host.
        if not is_safe_url(url=next_page, host=request.get_host()):
            next_page = request.path

    # Redirect to the chosen page until the session has been cleared; with
    # nothing chosen, go to the site root.
    return HttpResponseRedirect(next_page or '/')