Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url().

Per deprecation timeline.
This commit is contained in:
Tim Graham 2017-09-02 20:12:27 -04:00
parent e47b56d791
commit 96107e2844
3 changed files with 3 additions and 17 deletions

View File

@ -3,7 +3,6 @@ import calendar
import datetime
import re
import unicodedata
import warnings
from binascii import Error as BinasciiError
from email.utils import formatdate
from urllib.parse import (
@ -14,7 +13,6 @@ from urllib.parse import (
from django.core.exceptions import TooManyFieldsSent
from django.utils.datastructures import MultiValueDict
from django.utils.deprecation import RemovedInDjango21Warning
from django.utils.encoding import force_bytes
from django.utils.functional import keep_lazy_text
@ -264,7 +262,7 @@ def is_same_domain(host, pattern):
)
def is_safe_url(url, host=None, allowed_hosts=None, require_https=False):
def is_safe_url(url, allowed_hosts=None, require_https=False):
"""
Return ``True`` if the url is a safe redirection (i.e. it doesn't point to
a different host and uses a safe scheme).
@ -280,14 +278,6 @@ def is_safe_url(url, host=None, allowed_hosts=None, require_https=False):
return False
if allowed_hosts is None:
allowed_hosts = set()
if host:
warnings.warn(
"The host argument is deprecated, use allowed_hosts instead.",
RemovedInDjango21Warning,
stacklevel=2,
)
# Avoid mutating the passed in allowed_hosts.
allowed_hosts = allowed_hosts | {host}
# Chrome treats \ completely as / in paths but it could be part of some
# basic auth credentials so we need to check both URLs.
return (_is_safe_url(url, allowed_hosts, require_https=require_https) and

View File

@ -239,3 +239,5 @@ how to remove usage of these features.
* ``django.core.cache.backends.memcached.PyLibMCCache`` no longer supports
passing ``pylibmc`` behavior settings as top-level attributes of ``OPTIONS``.
* The ``host`` parameter of ``django.utils.http.is_safe_url()`` is removed.

View File

@ -1,10 +1,8 @@
import unittest
from datetime import datetime
from django.test import ignore_warnings
from django.utils import http
from django.utils.datastructures import MultiValueDict
from django.utils.deprecation import RemovedInDjango21Warning
class TestUtilsHttp(unittest.TestCase):
@ -107,8 +105,6 @@ class TestUtilsHttp(unittest.TestCase):
'http://2001:cdba:0000:0000:0000:0000:3257:9652]/',
)
for bad_url in bad_urls:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertFalse(http.is_safe_url(bad_url, host='testserver'), "%s should be blocked" % bad_url)
self.assertFalse(
http.is_safe_url(bad_url, allowed_hosts={'testserver', 'testserver2'}),
"%s should be blocked" % bad_url,
@ -127,8 +123,6 @@ class TestUtilsHttp(unittest.TestCase):
'path/http:2222222222',
)
for good_url in good_urls:
with ignore_warnings(category=RemovedInDjango21Warning):
self.assertTrue(http.is_safe_url(good_url, host='testserver'), "%s should be allowed" % good_url)
self.assertTrue(
http.is_safe_url(good_url, allowed_hosts={'otherserver', 'testserver'}),
"%s should be allowed" % good_url,