django1/django/contrib/flatpages/views.py

from django.conf import settings
from django.contrib.flatpages.models import FlatPage
from django.contrib.sites.shortcuts import get_current_site
from django.http import Http404, HttpResponse, HttpResponsePermanentRedirect
from django.shortcuts import get_object_or_404
from django.template import loader
from django.utils.safestring import mark_safe
from django.views.decorators.csrf import csrf_protect

DEFAULT_TEMPLATE = 'flatpages/default.html'

# This view is called from FlatpageFallbackMiddleware.process_response
# when a 404 is raised, which often means CsrfViewMiddleware.process_view
# has not been called even if CsrfViewMiddleware is installed. So we need
# to use @csrf_protect, in case the template needs {% csrf_token %}.
# However, we can't just wrap this view; if no matching flatpage exists,
# or a redirect is required for authentication, the 404 needs to be returned
# without any CSRF checks. Therefore, we only
# CSRF protect the internal implementation.


def flatpage(request, url):
    """
    Public interface to the flat page view.

    Models: `flatpages.flatpages`
    Templates: Uses the template defined by the ``template_name`` field,
        or :template:`flatpages/default.html` if template_name is not defined.
    Context:
        flatpage
            `flatpages.flatpages` object
    """
    if not url.startswith('/'):
        url = '/' + url
    site_id = get_current_site(request).id
    try:
        f = get_object_or_404(FlatPage, url=url, sites=site_id)
    except Http404:
        if not url.endswith('/') and settings.APPEND_SLASH:
            url += '/'
            f = get_object_or_404(FlatPage, url=url, sites=site_id)
            return HttpResponsePermanentRedirect('%s/' % request.path)
        else:
            raise
    return render_flatpage(request, f)


@csrf_protect
def render_flatpage(request, f):
    """
    Internal interface to the flat page view.
    """
    # If registration is required for accessing this page, and the user isn't
    # logged in, redirect to the login page.
    if f.registration_required and not request.user.is_authenticated:
        from django.contrib.auth.views import redirect_to_login
        return redirect_to_login(request.path)
    if f.template_name:
        template = loader.select_template((f.template_name, DEFAULT_TEMPLATE))
    else:
        template = loader.get_template(DEFAULT_TEMPLATE)

    # To avoid having to always use the "|safe" filter in flatpage templates,
    # mark the title and content as already safe (since they are raw HTML
    # content in the first place).
    f.title = mark_safe(f.title)
    f.content = mark_safe(f.content)

    response = HttpResponse(template.render({'flatpage': f}, request))
    return response
MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions. git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-05-02 09:31:56 +08:00			`from django.conf import settings`
Prevented flatpage view from directly accessing settings.SITE_ID Refs #15089 2012-10-01 20:17:55 +08:00			`from django.contrib.flatpages.models import FlatPage`
Moved RequestSite and get_current_site. Following the app-loading refactor, these objects must live outside of django.contrib.sites.models because they must be available without importing the django.contrib.sites.models module when django.contrib.sites isn't installed. Refs #21680. Thanks Carl and Loic for reporting this issue. 2014-01-26 04:54:25 +08:00			`from django.contrib.sites.shortcuts import get_current_site`
Prevented flatpage view from directly accessing settings.SITE_ID Refs #15089 2012-10-01 20:17:55 +08:00			`from django.http import Http404, HttpResponse, HttpResponsePermanentRedirect`
			`from django.shortcuts import get_object_or_404`
Deprecated passing a Context to a generic Template.render. A deprecation path is required because the return type of django.template.loader.get_template changed during the multiple template engines refactor. test_csrf_token_in_404 was incorrect: it tested the case when the hardcoded template was rendered, and that template doesn't depend on the CSRF token. This commit makes it test the case when a custom template is rendered. 2015-01-08 22:03:43 +08:00			`from django.template import loader`
Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359 See documentation in templates.txt and templates_python.txt for how everything works. Backwards incompatible if you're inserting raw HTML output via template variables. Based on an original design from Simon Willison and with debugging help from Michael Radziej. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-11-14 20:58:53 +08:00			`from django.utils.safestring import mark_safe`
Fixed #12358 - csrf_token template tag does not work with flatpages. Thanks to phretor for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12381 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-02-05 05:47:19 +08:00			`from django.views.decorators.csrf import csrf_protect`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00
MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions. git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-05-02 09:31:56 +08:00			`DEFAULT_TEMPLATE = 'flatpages/default.html'`
Made a small improvement to django.views.core.flatfiles so that it only uses select_template if a custom template is available, so as not to hit the filesystem. git-svn-id: http://code.djangoproject.com/svn/django/trunk@677 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-09-24 06:09:42 +08:00
Fixed #12358 - csrf_token template tag does not work with flatpages. Thanks to phretor for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12381 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-02-05 05:47:19 +08:00			`# This view is called from FlatpageFallbackMiddleware.process_response`
			`# when a 404 is raised, which often means CsrfViewMiddleware.process_view`
			`# has not been called even if CsrfViewMiddleware is installed. So we need`
			`# to use @csrf_protect, in case the template needs {% csrf_token %}.`
Fixed #14156 -- Modified the way CSRF protection is applied to flatpages so that the flatpage middleware doesn't cause all POSTs resulting in 404s to turn into 403s. Thanks to patrys for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13641 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-08-27 21:55:11 +08:00			`# However, we can't just wrap this view; if no matching flatpage exists,`
			`# or a redirect is required for authentication, the 404 needs to be returned`
			`# without any CSRF checks. Therefore, we only`
			`# CSRF protect the internal implementation.`
Started attackign the next flake8 violation 2013-10-31 23:42:28 +08:00

BACKWARDS-INCOMPATIBLE CHANGE -- Moved flatpages and redirects to standalone apps in django.contrib that are NOT installed by default. See http://code.djangoproject.com/wiki/BackwardsIncompatibleChanges for full migration information. git-svn-id: http://code.djangoproject.com/svn/django/trunk@1166 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-11-11 12:45:05 +08:00			`def flatpage(request, url):`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00			`"""`
Fixed #14156 -- Modified the way CSRF protection is applied to flatpages so that the flatpage middleware doesn't cause all POSTs resulting in 404s to turn into 403s. Thanks to patrys for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13641 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-08-27 21:55:11 +08:00			`Public interface to the flat page view.`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00
BACKWARDS-INCOMPATIBLE CHANGE -- Moved flatpages and redirects to standalone apps in django.contrib that are NOT installed by default. See http://code.djangoproject.com/wiki/BackwardsIncompatibleChanges for full migration information. git-svn-id: http://code.djangoproject.com/svn/django/trunk@1166 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-11-11 12:45:05 +08:00			Models: `flatpages.flatpages`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00			Templates: Uses the template defined by the ``template_name`` field,
Add reST role to templates named in some view docs. This makes the templates link up correctly in the admindocs. 2012-06-27 09:17:15 +08:00			or :template:`flatpages/default.html` if template_name is not defined.
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00			`Context:`
BACKWARDS-INCOMPATIBLE CHANGE -- Moved flatpages and redirects to standalone apps in django.contrib that are NOT installed by default. See http://code.djangoproject.com/wiki/BackwardsIncompatibleChanges for full migration information. git-svn-id: http://code.djangoproject.com/svn/django/trunk@1166 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-11-11 12:45:05 +08:00			`flatpage`
			`flatpages.flatpages` object
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00			`"""`
			`if not url.startswith('/'):`
Fixed #6213 -- Updated the flatpages app to only append a slash if the flatpage actually exist. The FlatpageFallbackMiddleware (and the view) now only add a trailing slash and redirect if the resulting URL refers to an existing flatpage. Previously requesting /notaflatpageoravalidurl would redirect to /notaflatpageoravalidurl/, which would then raise a 404. Requesting /notaflatpageoravalidurl now will immediately raise a 404. Also, Redirects returned by flatpages are now permanent (301 status code) to match the behaviour of the CommonMiddleware. Thanks to Steve Losh for the initial work on the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16048 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-04-20 22:41:47 +08:00			`url = '/' + url`
Prevented flatpage view from directly accessing settings.SITE_ID Refs #15089 2012-10-01 20:17:55 +08:00			`site_id = get_current_site(request).id`
Fixed #6213 -- Updated the flatpages app to only append a slash if the flatpage actually exist. The FlatpageFallbackMiddleware (and the view) now only add a trailing slash and redirect if the resulting URL refers to an existing flatpage. Previously requesting /notaflatpageoravalidurl would redirect to /notaflatpageoravalidurl/, which would then raise a 404. Requesting /notaflatpageoravalidurl now will immediately raise a 404. Also, Redirects returned by flatpages are now permanent (301 status code) to match the behaviour of the CommonMiddleware. Thanks to Steve Losh for the initial work on the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16048 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-04-20 22:41:47 +08:00			`try:`
Fixed E128 flake8 warnings in django/. 2016-03-29 06:33:29 +08:00			`f = get_object_or_404(FlatPage, url=url, sites=site_id)`
Fixed #6213 -- Updated the flatpages app to only append a slash if the flatpage actually exist. The FlatpageFallbackMiddleware (and the view) now only add a trailing slash and redirect if the resulting URL refers to an existing flatpage. Previously requesting /notaflatpageoravalidurl would redirect to /notaflatpageoravalidurl/, which would then raise a 404. Requesting /notaflatpageoravalidurl now will immediately raise a 404. Also, Redirects returned by flatpages are now permanent (301 status code) to match the behaviour of the CommonMiddleware. Thanks to Steve Losh for the initial work on the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16048 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-04-20 22:41:47 +08:00			`except Http404:`
			`if not url.endswith('/') and settings.APPEND_SLASH:`
			`url += '/'`
Fixed E128 flake8 warnings in django/. 2016-03-29 06:33:29 +08:00			`f = get_object_or_404(FlatPage, url=url, sites=site_id)`
Fixed #6213 -- Updated the flatpages app to only append a slash if the flatpage actually exist. The FlatpageFallbackMiddleware (and the view) now only add a trailing slash and redirect if the resulting URL refers to an existing flatpage. Previously requesting /notaflatpageoravalidurl would redirect to /notaflatpageoravalidurl/, which would then raise a 404. Requesting /notaflatpageoravalidurl now will immediately raise a 404. Also, Redirects returned by flatpages are now permanent (301 status code) to match the behaviour of the CommonMiddleware. Thanks to Steve Losh for the initial work on the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16048 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-04-20 22:41:47 +08:00			`return HttpResponsePermanentRedirect('%s/' % request.path)`
			`else:`
			`raise`
Fixed #14156 -- Modified the way CSRF protection is applied to flatpages so that the flatpage middleware doesn't cause all POSTs resulting in 404s to turn into 403s. Thanks to patrys for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13641 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-08-27 21:55:11 +08:00			`return render_flatpage(request, f)`

Started attackign the next flake8 violation 2013-10-31 23:42:28 +08:00
Fixed #14156 -- Modified the way CSRF protection is applied to flatpages so that the flatpage middleware doesn't cause all POSTs resulting in 404s to turn into 403s. Thanks to patrys for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13641 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-08-27 21:55:11 +08:00			`@csrf_protect`
			`def render_flatpage(request, f):`
			`"""`
			`Internal interface to the flat page view.`
			`"""`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00			`# If registration is required for accessing this page, and the user isn't`
			`# logged in, redirect to the login page.`
Fixed #25847 -- Made User.is_(anonymous\|authenticated) properties. 2016-04-02 19:18:26 +08:00			`if f.registration_required and not request.user.is_authenticated:`
MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions. git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-05-02 09:31:56 +08:00			`from django.contrib.auth.views import redirect_to_login`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00			`return redirect_to_login(request.path)`
Made a small improvement to django.views.core.flatfiles so that it only uses select_template if a custom template is available, so as not to hit the filesystem. git-svn-id: http://code.djangoproject.com/svn/django/trunk@677 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-09-24 06:09:42 +08:00			`if f.template_name:`
Deprecated passing a Context to a generic Template.render. A deprecation path is required because the return type of django.template.loader.get_template changed during the multiple template engines refactor. test_csrf_token_in_404 was incorrect: it tested the case when the hardcoded template was rendered, and that template doesn't depend on the CSRF token. This commit makes it test the case when a custom template is rendered. 2015-01-08 22:03:43 +08:00			`template = loader.select_template((f.template_name, DEFAULT_TEMPLATE))`
Made a small improvement to django.views.core.flatfiles so that it only uses select_template if a custom template is available, so as not to hit the filesystem. git-svn-id: http://code.djangoproject.com/svn/django/trunk@677 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-09-24 06:09:42 +08:00			`else:`
Deprecated passing a Context to a generic Template.render. A deprecation path is required because the return type of django.template.loader.get_template changed during the multiple template engines refactor. test_csrf_token_in_404 was incorrect: it tested the case when the hardcoded template was rendered, and that template doesn't depend on the CSRF token. This commit makes it test the case when a custom template is rendered. 2015-01-08 22:03:43 +08:00			`template = loader.get_template(DEFAULT_TEMPLATE)`
Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359 See documentation in templates.txt and templates_python.txt for how everything works. Backwards incompatible if you're inserting raw HTML output via template variables. Based on an original design from Simon Willison and with debugging help from Michael Radziej. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-11-14 20:58:53 +08:00
			`# To avoid having to always use the "\|safe" filter in flatpage templates,`
			`# mark the title and content as already safe (since they are raw HTML`
			`# content in the first place).`
			`f.title = mark_safe(f.title)`
			`f.content = mark_safe(f.content)`

Deprecated passing a Context to a generic Template.render. A deprecation path is required because the return type of django.template.loader.get_template changed during the multiple template engines refactor. test_csrf_token_in_404 was incorrect: it tested the case when the hardcoded template was rendered, and that template doesn't depend on the CSRF token. This commit makes it test the case when a custom template is rendered. 2015-01-08 22:03:43 +08:00			`response = HttpResponse(template.render({'flatpage': f}, request))`
Fixed #2581 -- Added populate_xheaders() call to flatpage view. Thanks for the patch, dummy@habmalnefrage.de git-svn-id: http://code.djangoproject.com/svn/django/trunk@3650 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-23 10:05:05 +08:00			`return response`