p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #19321 -- Allowed redirect middleware HTTP responses to be overridden. 

Thanks Melevir for the suggestion.
This commit is contained in:
Ryan Kaskel 2013-05-20 20:22:38 +01:00 committed by Tim Graham
parent 36e220f923
commit 8b0014869f
4 changed files with 83 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
django/contrib/redirects/middleware.py
View File

@ -8,6 +8,11 @@ from django import http
class RedirectFallbackMiddleware(object): class RedirectFallbackMiddleware(object):
# Defined as class-level attributes to be subclassing-friendly.
response_gone_class = http.HttpResponseGone
response_redirect_class = http.HttpResponsePermanentRedirect
def __init__(self): def __init__(self):
if 'django.contrib.sites' not in settings.INSTALLED_APPS: if 'django.contrib.sites' not in settings.INSTALLED_APPS:
raise ImproperlyConfigured( raise ImproperlyConfigured(
@ -16,8 +21,9 @@ class RedirectFallbackMiddleware(object):
) )
def process_response(self, request, response): def process_response(self, request, response):
# No need to check for a redirect for non-404 responses.
if response.status_code != 404: if response.status_code != 404:
return response # No need to check for a redirect for non-404 responses. return response
full_path = request.get_full_path() full_path = request.get_full_path()
current_site = get_current_site(request) current_site = get_current_site(request)
@ -37,8 +43,8 @@ class RedirectFallbackMiddleware(object):
pass pass
if r is not None: if r is not None:
if r.new_path == '': if r.new_path == '':
return http.HttpResponseGone() return self.response_gone_class()
return http.HttpResponsePermanentRedirect(r.new_path) return self.response_redirect_class(r.new_path)
# No redirect was found. Return the response. # No redirect was found. Return the response.
return response return response

30
django/contrib/redirects/tests.py
View File

@ -1,3 +1,4 @@
from django import http
from django.conf import settings from django.conf import settings
from django.contrib.sites.models import Site from django.contrib.sites.models import Site
from django.core.exceptions import ImproperlyConfigured from django.core.exceptions import ImproperlyConfigured
@ -61,3 +62,32 @@ class RedirectTests(TestCase):
def test_sites_not_installed(self): def test_sites_not_installed(self):
with self.assertRaises(ImproperlyConfigured): with self.assertRaises(ImproperlyConfigured):
RedirectFallbackMiddleware() RedirectFallbackMiddleware()
class OverriddenRedirectFallbackMiddleware(RedirectFallbackMiddleware):
# Use HTTP responses different from the defaults
response_gone_class = http.HttpResponseForbidden
response_redirect_class = http.HttpResponseRedirect
@override_settings(
MIDDLEWARE_CLASSES=list(settings.MIDDLEWARE_CLASSES) +
['django.contrib.redirects.tests.OverriddenRedirectFallbackMiddleware'],
SITE_ID=1,
)
class OverriddenRedirectMiddlewareTests(TestCase):
def setUp(self):
self.site = Site.objects.get(pk=settings.SITE_ID)
def test_response_gone_class(self):
Redirect.objects.create(
site=self.site, old_path='/initial/', new_path='')
response = self.client.get('/initial/')
self.assertEqual(response.status_code, 403)
def test_response_redirect_class(self):
Redirect.objects.create(
site=self.site, old_path='/initial/', new_path='/new_target/')
response = self.client.get('/initial/')
self.assertEqual(response.status_code, 302)

39
docs/ref/contrib/redirects.txt
View File

@ -26,10 +26,11 @@ How it works
``manage.py migrate`` creates a ``django_redirect`` table in your database. This ``manage.py migrate`` creates a ``django_redirect`` table in your database. This
is a simple lookup table with ``site_id``, ``old_path`` and ``new_path`` fields. is a simple lookup table with ``site_id``, ``old_path`` and ``new_path`` fields.
The ``RedirectFallbackMiddleware`` does all of the work. Each time any Django The :class:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware`
application raises a 404 error, this middleware checks the redirects database does all of the work. Each time any Django application raises a 404
for the requested URL as a last resort. Specifically, it checks for a redirect error, this middleware checks the redirects database for the requested
with the given ``old_path`` with a site ID that corresponds to the URL as a last resort. Specifically, it checks for a redirect with the
given ``old_path`` with a site ID that corresponds to the
:setting:`SITE_ID` setting. :setting:`SITE_ID` setting.
* If it finds a match, and ``new_path`` is not empty, it redirects to * If it finds a match, and ``new_path`` is not empty, it redirects to
@ -43,8 +44,8 @@ The middleware only gets activated for 404s -- not for 500s or responses of any
other status code. other status code.
Note that the order of :setting:`MIDDLEWARE_CLASSES` matters. Generally, you Note that the order of :setting:`MIDDLEWARE_CLASSES` matters. Generally, you
can put ``RedirectFallbackMiddleware`` at the end of the list, because it's a can put :class:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware`
last resort. at the end of the list, because it's a last resort.
For more on middleware, read the :doc:`middleware docs For more on middleware, read the :doc:`middleware docs
</topics/http/middleware>`. </topics/http/middleware>`.
@ -69,3 +70,29 @@ Via the Python API
objects via the :doc:`Django database API </topics/db/queries>`. objects via the :doc:`Django database API </topics/db/queries>`.
.. _django/contrib/redirects/models.py: https://github.com/django/django/blob/master/django/contrib/redirects/models.py .. _django/contrib/redirects/models.py: https://github.com/django/django/blob/master/django/contrib/redirects/models.py
Middleware
==========
.. class:: middleware.RedirectFallbackMiddleware
You can change the :class:`~django.http.HttpResponse` classes used
by the middleware by creating a subclass of
:class:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware`
and overriding ``response_gone_class`` and/or ``response_redirect_class``.
.. attribute:: response_gone_class
The :class:`~django.http.HttpResponse` class used when a
:class:`~django.contrib.redirects.models.Redirect` is not
found for the requested path or has a blank ``new_path``
value.
Defaults to :class:`~django.http.HttpResponseGone`.
.. attribute:: response_redirect_class
The :class:`~django.http.HttpResponse` class that handles the
redirect.
Defaults to :class:`~django.http.HttpResponsePermanentRedirect`.

11
docs/releases/1.7.txt
View File

@ -193,6 +193,17 @@ Minor features
follow the :setting:`SESSION_COOKIE_SECURE` and follow the :setting:`SESSION_COOKIE_SECURE` and
:setting:`SESSION_COOKIE_HTTPONLY` settings. :setting:`SESSION_COOKIE_HTTPONLY` settings.
:mod:`django.contrib.redirects`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* :class:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware`
has two new attributes
(:attr:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware.response_gone_class`
and
:attr:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware.response_redirect_class`)
that specify the types of :class:`~django.http.HttpResponse` instances the
middleware returns.
:mod:`django.contrib.sessions` :mod:`django.contrib.sessions`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^