mirror of
https://github.com/django/django.git
synced 2024-12-23 01:25:58 +00:00
Fixed #2092: added a "is_secure()" method to HttpRequest which correctly handles the subtleties of mod_python's interaction with os.environ. This one's been bugging me for about a *year*, so many many thanks to k.shaposhnikov@gmail.com for figuring it out, and Tim Shaffer for pointing out this ticket.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3410 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
8bdd19beea
commit
e9a236d86c
@ -28,7 +28,7 @@ def bookmarklets(request):
|
||||
# Hack! This couples this view to the URL it lives at.
|
||||
admin_root = request.path[:-len('doc/bookmarklets/')]
|
||||
return render_to_response('admin_doc/bookmarklets.html', {
|
||||
'admin_url': "%s://%s%s" % (os.environ.get('HTTPS') == 'on' and 'https' or 'http', get_host(request), admin_root),
|
||||
'admin_url': "%s://%s%s" % (request.is_secure() and 'https' or 'http', get_host(request), admin_root),
|
||||
}, context_instance=RequestContext(request))
|
||||
bookmarklets = staff_member_required(bookmarklets)
|
||||
|
||||
|
@ -23,6 +23,9 @@ class ModPythonRequest(http.HttpRequest):
|
||||
def get_full_path(self):
|
||||
return '%s%s' % (self.path, self._req.args and ('?' + self._req.args) or '')
|
||||
|
||||
def is_secure(self):
|
||||
return self._req.subprocess_env.has_key('HTTPS') and self._req.subprocess_env['HTTPS'] == 'on'
|
||||
|
||||
def _load_post_and_files(self):
|
||||
"Populates self._post and self._files"
|
||||
if self._req.headers_in.has_key('content-type') and self._req.headers_in['content-type'].startswith('multipart'):
|
||||
|
@ -54,7 +54,7 @@ class WSGIRequest(http.HttpRequest):
|
||||
def __init__(self, environ):
|
||||
self.environ = environ
|
||||
self.path = environ['PATH_INFO']
|
||||
self.META = environ
|
||||
self.META = environ
|
||||
self.method = environ['REQUEST_METHOD'].upper()
|
||||
|
||||
def __repr__(self):
|
||||
@ -66,6 +66,9 @@ class WSGIRequest(http.HttpRequest):
|
||||
def get_full_path(self):
|
||||
return '%s%s' % (self.path, self.environ.get('QUERY_STRING', '') and ('?' + self.environ.get('QUERY_STRING', '')) or '')
|
||||
|
||||
def is_secure(self):
|
||||
return self.environ.has_key('HTTPS') and self.environ['HTTPS'] == 'on'
|
||||
|
||||
def _load_post_and_files(self):
|
||||
# Populates self._post and self._files
|
||||
if self.method == 'POST':
|
||||
|
@ -1,3 +1,4 @@
|
||||
import os
|
||||
from Cookie import SimpleCookie
|
||||
from pprint import pformat
|
||||
from urllib import urlencode, quote
|
||||
@ -37,6 +38,9 @@ class HttpRequest(object):
|
||||
|
||||
def get_full_path(self):
|
||||
return ''
|
||||
|
||||
def is_secure(self):
|
||||
return os.environ.get("HTTPS") == "on"
|
||||
|
||||
def parse_file_upload(header_dict, post_data):
|
||||
"Returns a tuple of (POST MultiValueDict, FILES MultiValueDict)"
|
||||
|
@ -1,7 +1,7 @@
|
||||
from django.conf import settings
|
||||
from django import http
|
||||
from django.core.mail import mail_managers
|
||||
import md5, os
|
||||
import md5
|
||||
|
||||
class CommonMiddleware(object):
|
||||
"""
|
||||
@ -44,7 +44,7 @@ class CommonMiddleware(object):
|
||||
if new_url != old_url:
|
||||
# Redirect
|
||||
if new_url[0]:
|
||||
newurl = "%s://%s%s" % (os.environ.get('HTTPS') == 'on' and 'https' or 'http', new_url[0], new_url[1])
|
||||
newurl = "%s://%s%s" % (request.is_secure() and 'https' or 'http', new_url[0], new_url[1])
|
||||
else:
|
||||
newurl = new_url[1]
|
||||
if request.GET:
|
||||
|
@ -124,7 +124,7 @@ def technical_500_response(request, exc_type, exc_value, tb):
|
||||
'frames': frames,
|
||||
'lastframe': frames[-1],
|
||||
'request': request,
|
||||
'request_protocol': os.environ.get("HTTPS") == "on" and "https" or "http",
|
||||
'request_protocol': request.is_secure() and "https" or "http",
|
||||
'settings': get_safe_settings(),
|
||||
'template_info': template_info,
|
||||
'template_does_not_exist': template_does_not_exist,
|
||||
@ -149,7 +149,7 @@ def technical_404_response(request, exception):
|
||||
'urlpatterns': tried,
|
||||
'reason': str(exception),
|
||||
'request': request,
|
||||
'request_protocol': os.environ.get("HTTPS") == "on" and "https" or "http",
|
||||
'request_protocol': request.is_secure() and "https" or "http",
|
||||
'settings': get_safe_settings(),
|
||||
})
|
||||
return HttpResponseNotFound(t.render(c), mimetype='text/html')
|
||||
|
@ -134,21 +134,25 @@ Methods
|
||||
-------
|
||||
|
||||
``__getitem__(key)``
|
||||
Returns the GET/POST value for the given key, checking POST first, then
|
||||
GET. Raises ``KeyError`` if the key doesn't exist.
|
||||
Returns the GET/POST value for the given key, checking POST first, then
|
||||
GET. Raises ``KeyError`` if the key doesn't exist.
|
||||
|
||||
This lets you use dictionary-accessing syntax on an ``HttpRequest``
|
||||
instance. Example: ``request["foo"]`` would return ``True`` if either
|
||||
``request.POST`` or ``request.GET`` had a ``"foo"`` key.
|
||||
This lets you use dictionary-accessing syntax on an ``HttpRequest``
|
||||
instance. Example: ``request["foo"]`` would return ``True`` if either
|
||||
``request.POST`` or ``request.GET`` had a ``"foo"`` key.
|
||||
|
||||
``has_key()``
|
||||
Returns ``True`` or ``False``, designating whether ``request.GET`` or
|
||||
``request.POST`` has the given key.
|
||||
Returns ``True`` or ``False``, designating whether ``request.GET`` or
|
||||
``request.POST`` has the given key.
|
||||
|
||||
``get_full_path()``
|
||||
Returns the ``path``, plus an appended query string, if applicable.
|
||||
Returns the ``path``, plus an appended query string, if applicable.
|
||||
|
||||
Example: ``"/music/bands/the_beatles/?print=true"``
|
||||
Example: ``"/music/bands/the_beatles/?print=true"``
|
||||
|
||||
``is_secure()``
|
||||
Returns ``True`` if the request is secure; that is, if it was made with
|
||||
HTTPS.
|
||||
|
||||
QueryDict objects
|
||||
-----------------
|
||||
|
Loading…
Reference in New Issue
Block a user