mirror of
				https://github.com/django/django.git
				synced 2025-10-25 14:46:09 +00:00 
			
		
		
		
	Fixed #2092: added a "is_secure()" method to HttpRequest which correctly handles the subtleties of mod_python's interaction with os.environ. This one's been bugging me for about a *year*, so many many thanks to k.shaposhnikov@gmail.com for figuring it out, and Tim Shaffer for pointing out this ticket.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3410 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		| @@ -28,7 +28,7 @@ def bookmarklets(request): | |||||||
|     # Hack! This couples this view to the URL it lives at. |     # Hack! This couples this view to the URL it lives at. | ||||||
|     admin_root = request.path[:-len('doc/bookmarklets/')] |     admin_root = request.path[:-len('doc/bookmarklets/')] | ||||||
|     return render_to_response('admin_doc/bookmarklets.html', { |     return render_to_response('admin_doc/bookmarklets.html', { | ||||||
|         'admin_url': "%s://%s%s" % (os.environ.get('HTTPS') == 'on' and 'https' or 'http', get_host(request), admin_root), |         'admin_url': "%s://%s%s" % (request.is_secure() and 'https' or 'http', get_host(request), admin_root), | ||||||
|     }, context_instance=RequestContext(request)) |     }, context_instance=RequestContext(request)) | ||||||
| bookmarklets = staff_member_required(bookmarklets) | bookmarklets = staff_member_required(bookmarklets) | ||||||
|  |  | ||||||
|   | |||||||
| @@ -23,6 +23,9 @@ class ModPythonRequest(http.HttpRequest): | |||||||
|     def get_full_path(self): |     def get_full_path(self): | ||||||
|         return '%s%s' % (self.path, self._req.args and ('?' + self._req.args) or '') |         return '%s%s' % (self.path, self._req.args and ('?' + self._req.args) or '') | ||||||
|  |  | ||||||
|  |     def is_secure(self): | ||||||
|  |         return self._req.subprocess_env.has_key('HTTPS') and self._req.subprocess_env['HTTPS'] == 'on' | ||||||
|  |  | ||||||
|     def _load_post_and_files(self): |     def _load_post_and_files(self): | ||||||
|         "Populates self._post and self._files" |         "Populates self._post and self._files" | ||||||
|         if self._req.headers_in.has_key('content-type') and self._req.headers_in['content-type'].startswith('multipart'): |         if self._req.headers_in.has_key('content-type') and self._req.headers_in['content-type'].startswith('multipart'): | ||||||
|   | |||||||
| @@ -66,6 +66,9 @@ class WSGIRequest(http.HttpRequest): | |||||||
|     def get_full_path(self): |     def get_full_path(self): | ||||||
|         return '%s%s' % (self.path, self.environ.get('QUERY_STRING', '') and ('?' + self.environ.get('QUERY_STRING', '')) or '') |         return '%s%s' % (self.path, self.environ.get('QUERY_STRING', '') and ('?' + self.environ.get('QUERY_STRING', '')) or '') | ||||||
|  |  | ||||||
|  |     def is_secure(self): | ||||||
|  |         return self.environ.has_key('HTTPS') and self.environ['HTTPS'] == 'on' | ||||||
|  |  | ||||||
|     def _load_post_and_files(self): |     def _load_post_and_files(self): | ||||||
|         # Populates self._post and self._files |         # Populates self._post and self._files | ||||||
|         if self.method == 'POST': |         if self.method == 'POST': | ||||||
|   | |||||||
| @@ -1,3 +1,4 @@ | |||||||
|  | import os | ||||||
| from Cookie import SimpleCookie | from Cookie import SimpleCookie | ||||||
| from pprint import pformat | from pprint import pformat | ||||||
| from urllib import urlencode, quote | from urllib import urlencode, quote | ||||||
| @@ -38,6 +39,9 @@ class HttpRequest(object): | |||||||
|     def get_full_path(self): |     def get_full_path(self): | ||||||
|         return '' |         return '' | ||||||
|          |          | ||||||
|  |     def is_secure(self): | ||||||
|  |         return os.environ.get("HTTPS") == "on" | ||||||
|  |  | ||||||
| def parse_file_upload(header_dict, post_data): | def parse_file_upload(header_dict, post_data): | ||||||
|     "Returns a tuple of (POST MultiValueDict, FILES MultiValueDict)" |     "Returns a tuple of (POST MultiValueDict, FILES MultiValueDict)" | ||||||
|     import email, email.Message |     import email, email.Message | ||||||
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django import http | from django import http | ||||||
| from django.core.mail import mail_managers | from django.core.mail import mail_managers | ||||||
| import md5, os | import md5 | ||||||
|  |  | ||||||
| class CommonMiddleware(object): | class CommonMiddleware(object): | ||||||
|     """ |     """ | ||||||
| @@ -44,7 +44,7 @@ class CommonMiddleware(object): | |||||||
|         if new_url != old_url: |         if new_url != old_url: | ||||||
|             # Redirect |             # Redirect | ||||||
|             if new_url[0]: |             if new_url[0]: | ||||||
|                 newurl = "%s://%s%s" % (os.environ.get('HTTPS') == 'on' and 'https' or 'http', new_url[0], new_url[1]) |                 newurl = "%s://%s%s" % (request.is_secure() and 'https' or 'http', new_url[0], new_url[1]) | ||||||
|             else: |             else: | ||||||
|                 newurl = new_url[1] |                 newurl = new_url[1] | ||||||
|             if request.GET: |             if request.GET: | ||||||
|   | |||||||
| @@ -124,7 +124,7 @@ def technical_500_response(request, exc_type, exc_value, tb): | |||||||
|         'frames': frames, |         'frames': frames, | ||||||
|         'lastframe': frames[-1], |         'lastframe': frames[-1], | ||||||
|         'request': request, |         'request': request, | ||||||
|         'request_protocol': os.environ.get("HTTPS") == "on" and "https" or "http", |         'request_protocol': request.is_secure() and "https" or "http", | ||||||
|         'settings': get_safe_settings(), |         'settings': get_safe_settings(), | ||||||
|         'template_info': template_info, |         'template_info': template_info, | ||||||
|         'template_does_not_exist': template_does_not_exist, |         'template_does_not_exist': template_does_not_exist, | ||||||
| @@ -149,7 +149,7 @@ def technical_404_response(request, exception): | |||||||
|         'urlpatterns': tried, |         'urlpatterns': tried, | ||||||
|         'reason': str(exception), |         'reason': str(exception), | ||||||
|         'request': request, |         'request': request, | ||||||
|         'request_protocol': os.environ.get("HTTPS") == "on" and "https" or "http", |         'request_protocol': request.is_secure() and "https" or "http", | ||||||
|         'settings': get_safe_settings(), |         'settings': get_safe_settings(), | ||||||
|     }) |     }) | ||||||
|     return HttpResponseNotFound(t.render(c), mimetype='text/html') |     return HttpResponseNotFound(t.render(c), mimetype='text/html') | ||||||
|   | |||||||
| @@ -150,6 +150,10 @@ Methods | |||||||
|  |  | ||||||
|    Example: ``"/music/bands/the_beatles/?print=true"`` |    Example: ``"/music/bands/the_beatles/?print=true"`` | ||||||
|      |      | ||||||
|  | ``is_secure()`` | ||||||
|  |    Returns ``True`` if the request is secure; that is, if it was made with | ||||||
|  |    HTTPS. | ||||||
|  |  | ||||||
| QueryDict objects | QueryDict objects | ||||||
| ----------------- | ----------------- | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user