Fixed #12070. Fixed a case where var._whatever wasn't raising a TemplateSyntaxError.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
7352238e16
commit
fd233f40d1
|
@ -538,8 +538,6 @@ class FilterExpression(object):
|
||||||
var_obj = None
|
var_obj = None
|
||||||
elif var is None:
|
elif var is None:
|
||||||
raise TemplateSyntaxError("Could not find variable at start of %s." % token)
|
raise TemplateSyntaxError("Could not find variable at start of %s." % token)
|
||||||
elif var.find(VARIABLE_ATTRIBUTE_SEPARATOR + '_') > -1 or var[0] == '_':
|
|
||||||
raise TemplateSyntaxError("Variables and attributes may not begin with underscores: '%s'" % var)
|
|
||||||
else:
|
else:
|
||||||
var_obj = Variable(var)
|
var_obj = Variable(var)
|
||||||
else:
|
else:
|
||||||
|
@ -698,6 +696,8 @@ class Variable(object):
|
||||||
except ValueError:
|
except ValueError:
|
||||||
# Otherwise we'll set self.lookups so that resolve() knows we're
|
# Otherwise we'll set self.lookups so that resolve() knows we're
|
||||||
# dealing with a bonafide variable
|
# dealing with a bonafide variable
|
||||||
|
if var.find(VARIABLE_ATTRIBUTE_SEPARATOR + '_') > -1 or var[0] == '_':
|
||||||
|
raise TemplateSyntaxError("Variables and attributes may not begin with underscores: '%s'" % var)
|
||||||
self.lookups = tuple(var.split(VARIABLE_ATTRIBUTE_SEPARATOR))
|
self.lookups = tuple(var.split(VARIABLE_ATTRIBUTE_SEPARATOR))
|
||||||
|
|
||||||
def resolve(self, context):
|
def resolve(self, context):
|
||||||
|
|
|
@ -76,6 +76,13 @@ u"Some 'Bad' News"
|
||||||
[]
|
[]
|
||||||
>>> fe.var
|
>>> fe.var
|
||||||
u'Some "Good" News'
|
u'Some "Good" News'
|
||||||
|
|
||||||
|
Filtered variables should reject access of attributes beginning with underscores.
|
||||||
|
|
||||||
|
>>> FilterExpression('article._hidden|upper', p)
|
||||||
|
Traceback (most recent call last):
|
||||||
|
...
|
||||||
|
TemplateSyntaxError: Variables and attributes may not begin with underscores: 'article._hidden'
|
||||||
"""
|
"""
|
||||||
|
|
||||||
variable_parsing = r"""
|
variable_parsing = r"""
|
||||||
|
@ -105,4 +112,10 @@ u'Some "Good" News'
|
||||||
>>> Variable(ur"'Some \'Better\' News'").resolve(c)
|
>>> Variable(ur"'Some \'Better\' News'").resolve(c)
|
||||||
u"Some 'Better' News"
|
u"Some 'Better' News"
|
||||||
|
|
||||||
|
Variables should reject access of attributes beginning with underscores.
|
||||||
|
|
||||||
|
>>> Variable('article._hidden')
|
||||||
|
Traceback (most recent call last):
|
||||||
|
...
|
||||||
|
TemplateSyntaxError: Variables and attributes may not begin with underscores: 'article._hidden'
|
||||||
"""
|
"""
|
||||||
|
|
Loading…
Reference in New Issue