From fd233f40d1922c6f3d9dd0e5738397bdc4aac9ef Mon Sep 17 00:00:00 2001 From: Joseph Kocherhans Date: Tue, 23 Feb 2010 18:50:57 +0000 Subject: [PATCH] Fixed #12070. Fixed a case where var._whatever wasn't raising a TemplateSyntaxError. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12539 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/template/__init__.py | 4 ++-- tests/regressiontests/templates/parser.py | 13 +++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/django/template/__init__.py b/django/template/__init__.py index 66c415a8c4..203b5e7582 100644 --- a/django/template/__init__.py +++ b/django/template/__init__.py @@ -538,8 +538,6 @@ class FilterExpression(object): var_obj = None elif var is None: raise TemplateSyntaxError("Could not find variable at start of %s." % token) - elif var.find(VARIABLE_ATTRIBUTE_SEPARATOR + '_') > -1 or var[0] == '_': - raise TemplateSyntaxError("Variables and attributes may not begin with underscores: '%s'" % var) else: var_obj = Variable(var) else: @@ -698,6 +696,8 @@ class Variable(object): except ValueError: # Otherwise we'll set self.lookups so that resolve() knows we're # dealing with a bonafide variable + if var.find(VARIABLE_ATTRIBUTE_SEPARATOR + '_') > -1 or var[0] == '_': + raise TemplateSyntaxError("Variables and attributes may not begin with underscores: '%s'" % var) self.lookups = tuple(var.split(VARIABLE_ATTRIBUTE_SEPARATOR)) def resolve(self, context): diff --git a/tests/regressiontests/templates/parser.py b/tests/regressiontests/templates/parser.py index 9e6ad2166e..4db54556ed 100644 --- a/tests/regressiontests/templates/parser.py +++ b/tests/regressiontests/templates/parser.py @@ -76,6 +76,13 @@ u"Some 'Bad' News" [] >>> fe.var u'Some "Good" News' + +Filtered variables should reject access of attributes beginning with underscores. + +>>> FilterExpression('article._hidden|upper', p) +Traceback (most recent call last): +... +TemplateSyntaxError: Variables and attributes may not begin with underscores: 'article._hidden' """ variable_parsing = r""" @@ -105,4 +112,10 @@ u'Some "Good" News' >>> Variable(ur"'Some \'Better\' News'").resolve(c) u"Some 'Better' News" +Variables should reject access of attributes beginning with underscores. + +>>> Variable('article._hidden') +Traceback (most recent call last): +... +TemplateSyntaxError: Variables and attributes may not begin with underscores: 'article._hidden' """