Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #12972 -- Validated that flatpages URLs start and (when appropr…

…iate) end with a slash. Thanks jabapyth, claudep and kmtracey.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17402 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 6b16580aaa7aa3453a874802e14eaf17db745c46 1 parent f9ea619
@aaugustin aaugustin authored
View
13 django/contrib/flatpages/forms.py
@@ -1,6 +1,7 @@
from django import forms
-from django.utils.translation import ugettext_lazy as _
+from django.conf import settings
from django.contrib.flatpages.models import FlatPage
+from django.utils.translation import ugettext, ugettext_lazy as _
class FlatpageForm(forms.ModelForm):
url = forms.RegexField(label=_("URL"), max_length=100, regex=r'^[-\w/\.~]+$',
@@ -12,6 +13,16 @@ class FlatpageForm(forms.ModelForm):
class Meta:
model = FlatPage
+ def clean_url(self):
+ url = self.cleaned_data['url']
+ if not url.startswith('/'):
+ raise forms.ValidationError(ugettext("URL is missing a leading slash."))
+ if (settings.APPEND_SLASH and
+ 'django.middleware.common.CommonMiddleware' in settings.MIDDLEWARE_CLASSES and
+ not url.endswith('/')):
+ raise forms.ValidationError(ugettext("URL is missing a trailing slash."))
+ return url
+
def clean(self):
url = self.cleaned_data.get('url', None)
sites = self.cleaned_data.get('sites', None)
View
30 django/contrib/flatpages/tests/forms.py
@@ -2,6 +2,8 @@
from django.contrib.flatpages.forms import FlatpageForm
from django.contrib.flatpages.models import FlatPage
from django.test import TestCase
+from django.test.utils import override_settings
+from django.utils import translation
class FlatpageAdminFormTests(TestCase):
def setUp(self):
@@ -23,9 +25,29 @@ def test_flatpage_admin_form_url_validation(self):
self.assertFalse(FlatpageForm(data=dict(url='/a & char/', **self.form_data)).is_valid())
self.assertFalse(FlatpageForm(data=dict(url='/a ? char/', **self.form_data)).is_valid())
+ def test_flatpage_requires_leading_slash(self):
+ form = FlatpageForm(data=dict(url='no_leading_slash/', **self.form_data))
+ with translation.override('en'):
+ self.assertFalse(form.is_valid())
+ self.assertEqual(form.errors['url'], ["URL is missing a leading slash."])
+
+ @override_settings(APPEND_SLASH=True,
+ MIDDLEWARE_CLASSES=('django.middleware.common.CommonMiddleware',))
+ def test_flatpage_requires_trailing_slash_with_append_slash(self):
+ form = FlatpageForm(data=dict(url='/no_trailing_slash', **self.form_data))
+ with translation.override('en'):
+ self.assertFalse(form.is_valid())
+ self.assertEqual(form.errors['url'], ["URL is missing a trailing slash."])
+
+ @override_settings(APPEND_SLASH=False,
+ MIDDLEWARE_CLASSES=('django.middleware.common.CommonMiddleware',))
+ def test_flatpage_doesnt_requires_trailing_slash_without_append_slash(self):
+ form = FlatpageForm(data=dict(url='/no_trailing_slash', **self.form_data))
+ self.assertTrue(form.is_valid())
+
def test_flatpage_admin_form_url_uniqueness_validation(self):
"The flatpage admin form correctly enforces url uniqueness among flatpages of the same site"
- data = dict(url='/myflatpage1', **self.form_data)
+ data = dict(url='/myflatpage1/', **self.form_data)
FlatpageForm(data=data).save()
@@ -35,7 +57,7 @@ def test_flatpage_admin_form_url_uniqueness_validation(self):
self.assertEqual(
f.errors,
- {'__all__': [u'Flatpage with url /myflatpage1 already exists for site example.com']})
+ {'__all__': [u'Flatpage with url /myflatpage1/ already exists for site example.com']})
def test_flatpage_admin_form_edit(self):
"""
@@ -44,10 +66,10 @@ def test_flatpage_admin_form_edit(self):
"""
existing = FlatPage.objects.create(
- url="/myflatpage1", title="Some page", content="The content")
+ url="/myflatpage1/", title="Some page", content="The content")
existing.sites.add(settings.SITE_ID)
- data = dict(url='/myflatpage1', **self.form_data)
+ data = dict(url='/myflatpage1/', **self.form_data)
f = FlatpageForm(data=data, instance=existing)
Please sign in to comment.
Something went wrong with that request. Please try again.