git.ithinksw.org
/
philo.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Made new windows position themselves randomly.
[philo.git]
/
validators.py
diff --git
a/validators.py
b/validators.py
index
106db8b
..
8b39abd
100644
(file)
--- a/
validators.py
+++ b/
validators.py
@@
-1,15
+1,17
@@
from django.utils.translation import ugettext_lazy as _
from django.core.validators import RegexValidator
from django.core.exceptions import ValidationError
from django.utils.translation import ugettext_lazy as _
from django.core.validators import RegexValidator
from django.core.exceptions import ValidationError
+from django.template import Template, Parser, Lexer, TOKEN_BLOCK, TOKEN_VAR, TemplateSyntaxError
from django.utils import simplejson as json
import re
from django.utils import simplejson as json
import re
+from philo.utils import LOADED_TEMPLATE_ATTR
-LOADED_TEMPLATE_ATTR = '_philo_loaded_template'
INSECURE_TAGS = (
'load',
'extends',
'include',
INSECURE_TAGS = (
'load',
'extends',
'include',
+ 'debug',
)
)
@@
-43,11
+45,8
@@
class URLLinkValidator(RegexValidator):
def json_validator(value):
try:
json.loads(value)
def json_validator(value):
try:
json.loads(value)
- except:
- raise ValidationError(u'\'%s\' is not valid JSON' % value)
-
-
-from django.template import Template, Parser, Lexer, TOKEN_BLOCK
+ except Exception, e:
+ raise ValidationError(u'JSON decode error: %s' % e)
class TemplateValidationParser(Parser):
class TemplateValidationParser(Parser):
@@
-59,7
+58,7
@@
class TemplateValidationParser(Parser):
if secure:
disallow |= set(INSECURE_TAGS)
if secure:
disallow |= set(INSECURE_TAGS)
- self.allow, self.disallow
= allow, disallow
+ self.allow, self.disallow
, self.secure = allow, disallow, secure
def parse(self, parse_until=None):
if parse_until is None:
def parse(self, parse_until=None):
if parse_until is None:
@@
-112,7
+111,9
@@
class TemplateValidationParser(Parser):
return nodelist
def disallowed_tag(self, command):
return nodelist
def disallowed_tag(self, command):
- raise ValidationError("Tag not allowed: %s" % command)
+ if self.secure and command in INSECURE_TAGS:
+ raise ValidationError('Tag "%s" is not permitted for security reasons.' % command)
+ raise ValidationError('Tag "%s" is not permitted here.' % command)
class TemplateValidator(object):
class TemplateValidator(object):