Fixed #32698 -- Moved HttpRequest.get_raw_uri() to ExceptionReporter._get_raw_insecure_uri().
parent
ca34db4650
commit
8bcb00858e
|
@ -180,17 +180,6 @@ class HttpRequest:
|
||||||
raise
|
raise
|
||||||
return value
|
return value
|
||||||
|
|
||||||
def get_raw_uri(self):
|
|
||||||
"""
|
|
||||||
Return an absolute URI from variables available in this request. Skip
|
|
||||||
allowed hosts protection, so may return insecure URI.
|
|
||||||
"""
|
|
||||||
return '{scheme}://{host}{path}'.format(
|
|
||||||
scheme=self.scheme,
|
|
||||||
host=self._get_raw_host(),
|
|
||||||
path=self.get_full_path(),
|
|
||||||
)
|
|
||||||
|
|
||||||
def build_absolute_uri(self, location=None):
|
def build_absolute_uri(self, location=None):
|
||||||
"""
|
"""
|
||||||
Build an absolute URI from the location and the variables available in
|
Build an absolute URI from the location and the variables available in
|
||||||
|
|
|
@ -274,6 +274,17 @@ class ExceptionReporter:
|
||||||
self.template_does_not_exist = False
|
self.template_does_not_exist = False
|
||||||
self.postmortem = None
|
self.postmortem = None
|
||||||
|
|
||||||
|
def _get_raw_insecure_uri(self):
|
||||||
|
"""
|
||||||
|
Return an absolute URI from variables available in this request. Skip
|
||||||
|
allowed hosts protection, so may return insecure URI.
|
||||||
|
"""
|
||||||
|
return '{scheme}://{host}{path}'.format(
|
||||||
|
scheme=self.request.scheme,
|
||||||
|
host=self.request._get_raw_host(),
|
||||||
|
path=self.request.get_full_path(),
|
||||||
|
)
|
||||||
|
|
||||||
def get_traceback_data(self):
|
def get_traceback_data(self):
|
||||||
"""Return a dictionary containing traceback information."""
|
"""Return a dictionary containing traceback information."""
|
||||||
if self.exc_type and issubclass(self.exc_type, TemplateDoesNotExist):
|
if self.exc_type and issubclass(self.exc_type, TemplateDoesNotExist):
|
||||||
|
@ -337,6 +348,8 @@ class ExceptionReporter:
|
||||||
c['request_GET_items'] = self.request.GET.items()
|
c['request_GET_items'] = self.request.GET.items()
|
||||||
c['request_FILES_items'] = self.request.FILES.items()
|
c['request_FILES_items'] = self.request.FILES.items()
|
||||||
c['request_COOKIES_items'] = self.request.COOKIES.items()
|
c['request_COOKIES_items'] = self.request.COOKIES.items()
|
||||||
|
c['request_insecure_uri'] = self._get_raw_insecure_uri()
|
||||||
|
|
||||||
# Check whether exception info is available
|
# Check whether exception info is available
|
||||||
if self.exc_type:
|
if self.exc_type:
|
||||||
c['exception_type'] = self.exc_type.__name__
|
c['exception_type'] = self.exc_type.__name__
|
||||||
|
|
|
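Review bot: The docstring on `_get_raw_insecure_uri()` does not say why the URI is insecure or how the value may be used, which matters now that the result is exported as `c['request_insecure_uri']`. The host comes from `self.request._get_raw_host()`, which per the docstring skips the allowed-hosts protection, so it is client-supplied; I would add a sentence such as `The host is taken from the request unvalidated; use the result for display in the error report only, never to build links or redirects.` The helper also dereferences `self.request` unconditionally. Its call in `get_traceback_data()` sits next to other `self.request.*` reads and is presumably under a `None` guard outside the hunk, which should be confirmed. `get_traceback_data()` continues beyond the visible lines.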
@ -108,7 +108,7 @@
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<th>Request URL:</th>
|
<th>Request URL:</th>
|
||||||
<td>{{ request.get_raw_uri }}</td>
|
<td>{{ request_insecure_uri }}</td>
|
||||||
</tr>
|
</tr>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<tr>
|
<tr>
|
||||||
|
@ -289,7 +289,7 @@ Environment:
|
||||||
|
|
||||||
{% if request %}
|
{% if request %}
|
||||||
Request Method: {{ request.META.REQUEST_METHOD }}
|
Request Method: {{ request.META.REQUEST_METHOD }}
|
||||||
Request URL: {{ request.get_raw_uri }}
|
Request URL: {{ request_insecure_uri }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
Django Version: {{ django_version_info }}
|
Django Version: {{ django_version_info }}
|
||||||
Python Version: {{ sys_version_info }}
|
Python Version: {{ sys_version_info }}
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
{% firstof exception_value 'No exception message supplied' %}
|
{% firstof exception_value 'No exception message supplied' %}
|
||||||
{% if request %}
|
{% if request %}
|
||||||
Request Method: {{ request.META.REQUEST_METHOD }}
|
Request Method: {{ request.META.REQUEST_METHOD }}
|
||||||
Request URL: {{ request.get_raw_uri }}{% endif %}
|
Request URL: {{ request_insecure_uri }}{% endif %}
|
||||||
Django Version: {{ django_version_info }}
|
Django Version: {{ django_version_info }}
|
||||||
Python Executable: {{ sys_executable }}
|
Python Executable: {{ sys_executable }}
|
||||||
Python Version: {{ sys_version_info }}
|
Python Version: {{ sys_version_info }}
|
||||||
|
|
|
@ -399,6 +399,9 @@ Miscellaneous
|
||||||
* The undocumented ``django.contrib.admin.utils.lookup_needs_distinct()``
|
* The undocumented ``django.contrib.admin.utils.lookup_needs_distinct()``
|
||||||
function is renamed to ``lookup_spawns_duplicates()``.
|
function is renamed to ``lookup_spawns_duplicates()``.
|
||||||
|
|
||||||
|
* The undocumented ``HttpRequest.get_raw_uri()`` method is removed. The
|
||||||
|
:meth:`.HttpRequest.build_absolute_uri` method may be a suitable alternative.
|
||||||
|
|
||||||
.. _deprecated-features-4.0:
|
.. _deprecated-features-4.0:
|
||||||
|
|
||||||
Features deprecated in 4.0
|
Features deprecated in 4.0
|
||||||
|
|
|
@ -558,18 +558,6 @@ class RequestsTests(SimpleTestCase):
|
||||||
with self.assertRaises(UnreadablePostError):
|
with self.assertRaises(UnreadablePostError):
|
||||||
request.FILES
|
request.FILES
|
||||||
|
|
||||||
@override_settings(ALLOWED_HOSTS=['example.com'])
|
|
||||||
def test_get_raw_uri(self):
|
|
||||||
factory = RequestFactory(HTTP_HOST='evil.com')
|
|
||||||
request = factory.get('////absolute-uri')
|
|
||||||
self.assertEqual(request.get_raw_uri(), 'http://evil.com//absolute-uri')
|
|
||||||
|
|
||||||
request = factory.get('/?foo=bar')
|
|
||||||
self.assertEqual(request.get_raw_uri(), 'http://evil.com/?foo=bar')
|
|
||||||
|
|
||||||
request = factory.get('/path/with:colons')
|
|
||||||
self.assertEqual(request.get_raw_uri(), 'http://evil.com/path/with:colons')
|
|
||||||
|
|
||||||
|
|
||||||
class HostValidationTests(SimpleTestCase):
|
class HostValidationTests(SimpleTestCase):
|
||||||
poisoned_hosts = [
|
poisoned_hosts = [
|
||||||
|
|
|
@ -942,6 +942,20 @@ class ExceptionReporterTests(SimpleTestCase):
|
||||||
reporter.get_traceback_text()
|
reporter.get_traceback_text()
|
||||||
m.assert_called_once_with(encoding='utf-8')
|
m.assert_called_once_with(encoding='utf-8')
|
||||||
|
|
||||||
|
@override_settings(ALLOWED_HOSTS=['example.com'])
|
||||||
|
def test_get_raw_insecure_uri(self):
|
||||||
|
factory = RequestFactory(HTTP_HOST='evil.com')
|
||||||
|
tests = [
|
||||||
|
('////absolute-uri', 'http://evil.com//absolute-uri'),
|
||||||
|
('/?foo=bar', 'http://evil.com/?foo=bar'),
|
||||||
|
('/path/with:colons', 'http://evil.com/path/with:colons'),
|
||||||
|
]
|
||||||
|
for url, expected in tests:
|
||||||
|
with self.subTest(url=url):
|
||||||
|
request = factory.get(url)
|
||||||
|
reporter = ExceptionReporter(request, None, None, None)
|
||||||
|
self.assertEqual(reporter._get_raw_insecure_uri(), expected)
|
||||||
|
|
||||||
|
|
||||||
class PlainTextReportTests(SimpleTestCase):
|
class PlainTextReportTests(SimpleTestCase):
|
||||||
rf = RequestFactory()
|
rf = RequestFactory()
|
||||||
|
|
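Review bot: `test_get_raw_insecure_uri` checks the helper in isolation but not that the value reaches the report context, so a mistyped context key or template variable would go unnoticed (an undefined template variable renders as an empty string rather than failing). Inside the `subTest` I would also assert the wiring, e.g. `self.assertEqual(reporter.get_traceback_data()['request_insecure_uri'], expected)`. Tests outside this hunk may already cover the rendered "Request URL" line, in which case that is sufficient. The `evil.com` host combined with `ALLOWED_HOSTS=['example.com']` pins the deliberately unvalidated behaviour and deserves a one-line comment: `# Host is intentionally outside ALLOWED_HOSTS: the reporter must not validate it.`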