Altered the behavior of URLField to avoid a potential DOS vector, and to avoid potential leakage of local filesystem data. A security announcement will be made shortly.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16760 bcc190cf-cafb-0310-a4f2-bffc1f526a37

tests/modeltests/validation/__init__.py

@@ -1,8 +1,8 @@
-from django.utils import unittest
+from django.test import TestCase
 
 from django.core.exceptions import ValidationError
 
-class ValidationTestCase(unittest.TestCase):
+class ValidationTestCase(TestCase):
     def assertFailsValidation(self, clean, failed_fields):
         self.assertRaises(ValidationError, clean)
         try:

tests/modeltests/validation/models.py

@@ -14,6 +14,7 @@ class ModelToValidate(models.Model):
     parent = models.ForeignKey('self', blank=True, null=True, limit_choices_to={'number': 10})
     email = models.EmailField(blank=True)
     url = models.URLField(blank=True)
+    url_verify = models.URLField(blank=True, verify_exists=True)
     f_with_custom_validator = models.IntegerField(blank=True, null=True, validators=[validate_answer_to_universe])
 
     def clean(self):

tests/modeltests/validation/tests.py

@@ -1,3 +1,5 @@
+import warnings
+
 from django import forms
 from django.test import TestCase
 from django.core.exceptions import NON_FIELD_ERRORS
@@ -14,6 +16,14 @@ from modeltests.validation.test_custom_messages import CustomMessagesTest
 
 class BaseModelValidationTests(ValidationTestCase):
 
+    def setUp(self):
+        self.save_warnings_state()
+        warnings.filterwarnings('ignore', category=DeprecationWarning,
+                                module='django.core.validators')
+
+    def tearDown(self):
+        self.restore_warnings_state()
+
     def test_missing_required_field_raises_error(self):
         mtv = ModelToValidate(f_with_custom_validator=42)
         self.assertFailsValidation(mtv.full_clean, ['name', 'number'])
@@ -54,25 +64,22 @@ class BaseModelValidationTests(ValidationTestCase):
         mtv = ModelToValidate(number=10, name='Some Name', url='not a url')
         self.assertFieldFailsValidationWithMessage(mtv.full_clean, 'url', [u'Enter a valid value.'])
 
+    #The tests below which use url_verify are deprecated
     def test_correct_url_but_nonexisting_gives_404(self):
-        mtv = ModelToValidate(number=10, name='Some Name', url='http://google.com/we-love-microsoft.html')
-        self.assertFieldFailsValidationWithMessage(mtv.full_clean, 'url', [u'This URL appears to be a broken link.'])
+        mtv = ModelToValidate(number=10, name='Some Name', url_verify='http://qa-dev.w3.org/link-testsuite/http.php?code=404')
+        self.assertFieldFailsValidationWithMessage(mtv.full_clean, 'url_verify', [u'This URL appears to be a broken link.'])
 
     def test_correct_url_value_passes(self):
-        mtv = ModelToValidate(number=10, name='Some Name', url='http://www.example.com/')
+        mtv = ModelToValidate(number=10, name='Some Name', url_verify='http://www.google.com/')
+        self.assertEqual(None, mtv.full_clean()) # This will fail if there's no Internet connection
+
+    def test_correct_url_with_redirect(self):
+        mtv = ModelToValidate(number=10, name='Some Name', url_verify='http://qa-dev.w3.org/link-testsuite/http.php?code=301') #example.com is a redirect to iana.org now
         self.assertEqual(None, mtv.full_clean()) # This will fail if there's no Internet connection
 
     def test_correct_https_url_but_nonexisting(self):
-        mtv = ModelToValidate(number=10, name='Some Name', url='https://www.example.com/')
-        self.assertFieldFailsValidationWithMessage(mtv.full_clean, 'url', [u'This URL appears to be a broken link.'])
-
-    def test_correct_ftp_url_but_nonexisting(self):
-        mtv = ModelToValidate(number=10, name='Some Name', url='ftp://ftp.google.com/we-love-microsoft.html')
-        self.assertFieldFailsValidationWithMessage(mtv.full_clean, 'url', [u'This URL appears to be a broken link.'])
-
-    def test_correct_ftps_url_but_nonexisting(self):
-        mtv = ModelToValidate(number=10, name='Some Name', url='ftps://ftp.google.com/we-love-microsoft.html')
-        self.assertFieldFailsValidationWithMessage(mtv.full_clean, 'url', [u'This URL appears to be a broken link.'])
+        mtv = ModelToValidate(number=10, name='Some Name', url_verify='https://www.example.com/')
+        self.assertFieldFailsValidationWithMessage(mtv.full_clean, 'url_verify', [u'This URL appears to be a broken link.'])
 
     def test_text_greater_that_charfields_max_length_raises_erros(self):
         mtv = ModelToValidate(number=10, name='Some Name'*100)