test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #12070. Fixed a case where var._whatever wasn't raising a TemplateSyntaxError. 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Joseph Kocherhans 2010-02-23 18:50:57 +00:00
parent 7352238e16
commit fd233f40d1
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
django/template/__init__.py
View File

@ -538,8 +538,6 @@ class FilterExpression(object):
var_obj = None
elif var is None:
raise TemplateSyntaxError("Could not find variable at start of %s." % token)
elif var.find(VARIABLE_ATTRIBUTE_SEPARATOR + '_') > -1 or var[0] == '_':
raise TemplateSyntaxError("Variables and attributes may not begin with underscores: '%s'" % var)
else:
var_obj = Variable(var)
else:
@ -698,6 +696,8 @@ class Variable(object):
except ValueError:
# Otherwise we'll set self.lookups so that resolve() knows we're
# dealing with a bonafide variable
if var.find(VARIABLE_ATTRIBUTE_SEPARATOR + '_') > -1 or var[0] == '_':
raise TemplateSyntaxError("Variables and attributes may not begin with underscores: '%s'" % var)
self.lookups = tuple(var.split(VARIABLE_ATTRIBUTE_SEPARATOR))
def resolve(self, context):

13
tests/regressiontests/templates/parser.py
View File

@ -76,6 +76,13 @@ u"Some 'Bad' News"
[]
>>> fe.var
u'Some "Good" News'
Filtered variables should reject access of attributes beginning with underscores.
>>> FilterExpression('article._hidden|upper', p)
Traceback (most recent call last):
...
TemplateSyntaxError: Variables and attributes may not begin with underscores: 'article._hidden'
"""
variable_parsing = r"""
@ -105,4 +112,10 @@ u'Some "Good" News'
>>> Variable(ur"'Some \'Better\' News'").resolve(c)
u"Some 'Better' News"
Variables should reject access of attributes beginning with underscores.
>>> Variable('article._hidden')
Traceback (most recent call last):
...
TemplateSyntaxError: Variables and attributes may not begin with underscores: 'article._hidden'
"""