test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #20650 -- Fixed {% filter %} incorrectly accepting 'escape' as argument 

Thanks to grzesiof for the report and to loic84 and Alex Gaynor
for the review.
This commit is contained in:
Baptiste Mispelon 2013-06-25 20:28:35 +02:00
parent b91787910c
commit ec371ace00
3 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
django/template/base.py
View File

@ -1101,6 +1101,7 @@ class Library(object):
# for decorators that need it e.g. stringfilter # for decorators that need it e.g. stringfilter
if hasattr(filter_func, "_decorated_function"): if hasattr(filter_func, "_decorated_function"):
setattr(filter_func._decorated_function, attr, value) setattr(filter_func._decorated_function, attr, value)
filter_func._filter_name = name
return filter_func return filter_func
else: else:
raise InvalidTemplateLibrary("Unsupported arguments to " raise InvalidTemplateLibrary("Unsupported arguments to "

5
django/template/defaulttags.py
View File

@ -665,8 +665,9 @@ def do_filter(parser, token):
_, rest = token.contents.split(None, 1) _, rest = token.contents.split(None, 1)
filter_expr = parser.compile_filter("var|%s" % (rest)) filter_expr = parser.compile_filter("var|%s" % (rest))
for func, unused in filter_expr.filters: for func, unused in filter_expr.filters:
if getattr(func, '_decorated_function', func).__name__ in ('escape', 'safe'): filter_name = getattr(func, '_filter_name', None)
raise TemplateSyntaxError('"filter %s" is not permitted. Use the "autoescape" tag instead.' % func.__name__) if filter_name in ('escape', 'safe'):
raise TemplateSyntaxError('"filter %s" is not permitted. Use the "autoescape" tag instead.' % filter_name)
nodelist = parser.parse(('endfilter',)) nodelist = parser.parse(('endfilter',))
parser.delete_first_token() parser.delete_first_token()
return FilterNode(filter_expr, nodelist) return FilterNode(filter_expr, nodelist)

4
tests/template_tests/tests.py
View File

@ -854,6 +854,10 @@ class TemplateTests(TransRealMixin, TestCase):
'filter02': ('{% filter upper %}django{% endfilter %}', {}, 'DJANGO'), 'filter02': ('{% filter upper %}django{% endfilter %}', {}, 'DJANGO'),
'filter03': ('{% filter upper|lower %}django{% endfilter %}', {}, 'django'), 'filter03': ('{% filter upper|lower %}django{% endfilter %}', {}, 'django'),
'filter04': ('{% filter cut:remove %}djangospam{% endfilter %}', {'remove': 'spam'}, 'django'), 'filter04': ('{% filter cut:remove %}djangospam{% endfilter %}', {'remove': 'spam'}, 'django'),
'filter05': ('{% filter safe %}fail{% endfilter %}', {}, template.TemplateSyntaxError),
'filter05bis': ('{% filter upper|safe %}fail{% endfilter %}', {}, template.TemplateSyntaxError),
'filter06': ('{% filter escape %}fail{% endfilter %}', {}, template.TemplateSyntaxError),
'filter06bis': ('{% filter upper|escape %}fail{% endfilter %}', {}, template.TemplateSyntaxError),
### FIRSTOF TAG ########################################################### ### FIRSTOF TAG ###########################################################
'firstof01': ('{% firstof a b c %}', {'a':0,'b':0,'c':0}, ''), 'firstof01': ('{% firstof a b c %}', {'a':0,'b':0,'c':0}, ''),