exceptions
middleware
signals
+ validators
Indices and tables
==================
--- /dev/null
+Validators
+==========
+
+.. automodule:: philo.validators
+ :members:
from django.forms.models import model_to_dict
from philo.models import TreeEntity, Node, TreeManager, Entity, TargetURLModel
-from philo.validators import RedirectValidator
DEFAULT_NAVIGATION_DEPTH = 3
from django.conf.urls.defaults import patterns, url
from django.contrib import messages
from django.core.exceptions import ValidationError
+from django.core.validators import URLValidator
from django.db import models
from django.http import HttpResponseRedirect, Http404, HttpResponse
from django.utils import simplejson as json
from philo.exceptions import ViewCanNotProvideSubpath
from philo.models import MultiView, Page
from philo.models.fields import SlugMultipleChoiceField
-from philo.validators import RedirectValidator
eventlet = None
if getattr(settings, 'SOBOL_USE_EVENTLET', False):
class ResultURL(models.Model):
search = models.ForeignKey(Search, related_name='result_urls')
- url = models.TextField(validators=[RedirectValidator()])
+ url = models.TextField(validators=[URLValidator()])
def __unicode__(self):
return self.url
from philo.models.base import TreeEntity, Entity, QuerySetMapper, register_value_model
from philo.models.fields import JSONField
from philo.utils import ContentTypeSubclassLimiter
-from philo.validators import RedirectValidator
from philo.signals import view_about_to_render, view_finished_rendering
"""An abstract parent class for models which deal in targeting a url."""
#: An optional :class:`ForeignKey` to a :class:`Node`. If provided, that node will be used as the basis for the redirect.
target_node = models.ForeignKey(Node, blank=True, null=True, related_name="%(app_label)s_%(class)s_related")
- #: A :class:`CharField` which may contain an absolute or relative URL. This will be validated with :class:`philo.validators.RedirectValidator`.
- url_or_subpath = models.CharField(max_length=200, validators=[RedirectValidator()], blank=True, help_text="Point to this url or, if a node is defined and accepts subpaths, this subpath of the node.")
+ #: A :class:`CharField` which may contain an absolute or relative URL, or the name of a node's subpath.
+ url_or_subpath = models.CharField(max_length=200, blank=True, help_text="Point to this url or, if a node is defined and accepts subpaths, this subpath of the node.")
#: A :class:`~philo.models.fields.JSONField` instance. If the value of :attr:`reversing_parameters` is not None, the :attr:`url_or_subpath` will be treated as the name of a view to be reversed. The value of :attr:`reversing_parameters` will be passed into the reversal as args if it is a list or as kwargs if it is a dictionary. Otherwise it will be ignored.
reversing_parameters = JSONField(blank=True, help_text="If reversing parameters are defined, url_or_subpath will instead be interpreted as the view name to be reversed.")
import re
from django.core.exceptions import ValidationError
-from django.core.validators import RegexValidator
from django.template import Template, Parser, Lexer, TOKEN_BLOCK, TOKEN_VAR, TemplateSyntaxError
from django.utils import simplejson as json
from django.utils.html import escape, mark_safe
from philo.utils import LOADED_TEMPLATE_ATTR
+#: Tags which are considered insecure and are therefore always disallowed by secure :class:`TemplateValidator` instances.
INSECURE_TAGS = (
'load',
'extends',
)
-class RedirectValidator(RegexValidator):
- """Based loosely on the URLValidator, but no option to verify_exists"""
- regex = re.compile(
- r'^(?:https?://' # http:// or https://
- r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?|' #domain...
- r'localhost|' #localhost...
- r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip
- r'(?::\d+)?' # optional port
- r'(?:/?|[/?#]?\S+)|'
- r'[^?#\s]\S*)$',
- re.IGNORECASE)
- message = _(u'Enter a valid absolute or relative redirect target')
-
-
-class URLLinkValidator(RegexValidator):
- """Based loosely on the URLValidator, but no option to verify_exists"""
- regex = re.compile(
- r'^(?:https?://' # http:// or https://
- r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?|' #domain...
- r'localhost|' #localhost...
- r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip
- r'(?::\d+)?' # optional port
- r'|)' # also allow internal links
- r'(?:/?|[/?#]?\S+)$', re.IGNORECASE)
- message = _(u'Enter a valid absolute or relative redirect target')
-
-
def json_validator(value):
+ """Validates whether ``value`` is a valid json string."""
try:
json.loads(value)
except Exception, e:
class TemplateValidator(object):
+ """
+ Validates whether a string represents valid Django template code.
+
+ :param allow: ``None`` or an iterable of tag names which are explicitly allowed. If provided, tags whose names are not in the iterable will cause a ValidationError to be raised if they are used in the template code.
+ :param disallow: ``None`` or an iterable of tag names which are explicitly allowed. If provided, tags whose names are in the iterable will cause a ValidationError to be raised if they are used in the template code. If a tag's name is in ``allow`` and ``disallow``, it will be disallowed.
+ :param secure: If the validator is set to secure, it will automatically disallow the tag names listed in :const:`INSECURE_TAGS`. Defaults to ``True``.
+
+ """
def __init__(self, allow=None, disallow=None, secure=True):
self.allow = allow
self.disallow = disallow