Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #3421 -- Added IP and localhost validation to newforms URLField…

…. Thanks, SmileyChris.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6152 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit a2ce7669d902cf32eeac9307b804b78ed4150fe5 1 parent 8b0eaba
@freakboy3742 freakboy3742 authored
Showing with 16 additions and 6 deletions.
  1. +8 −6 django/newforms/fields.py
  2. +8 −0 tests/regressiontests/forms/tests.py
View
14 django/newforms/fields.py
@@ -335,12 +335,6 @@ def __init__(self, max_length=None, min_length=None, *args, **kwargs):
RegexField.__init__(self, email_re, max_length, min_length,
ugettext(u'Enter a valid e-mail address.'), *args, **kwargs)
-url_re = re.compile(
- r'^https?://' # http:// or https://
- r'(?:[A-Z0-9-]+\.)+[A-Z]{2,6}' # domain
- r'(?::\d+)?' # optional port
- r'(?:/?|/\S+)$', re.IGNORECASE)
-
try:
from django.conf import settings
URL_VALIDATOR_USER_AGENT = settings.URL_VALIDATOR_USER_AGENT
@@ -399,6 +393,14 @@ def clean(self, data):
raise ValidationError(ugettext(u"Upload a valid image. The file you uploaded was either not an image or a corrupted image."))
return f
+url_re = re.compile(
+ r'^https?://' # http:// or https://
+ r'(?:(?:[A-Z0-9-]+\.)+[A-Z]{2,6}|' #domain...
+ r'localhost|' #localhost...
+ r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip
+ r'(?::\d+)?' # optional port
+ r'(?:/?|/\S+)$', re.IGNORECASE)
+
class URLField(RegexField):
def __init__(self, max_length=None, min_length=None, verify_exists=False,
validator_user_agent=URL_VALIDATOR_USER_AGENT, *args, **kwargs):
View
8 tests/regressiontests/forms/tests.py
@@ -1607,10 +1607,18 @@
Traceback (most recent call last):
...
ValidationError: [u'This field is required.']
+>>> f.clean('http://localhost')
+u'http://localhost'
>>> f.clean('http://example.com')
u'http://example.com'
>>> f.clean('http://www.example.com')
u'http://www.example.com'
+>>> f.clean('http://www.example.com:8000/test')
+u'http://www.example.com:8000/test'
+>>> f.clean('http://200.8.9.10')
+u'http://200.8.9.10'
+>>> f.clean('http://200.8.9.10:8000/test')
+u'http://200.8.9.10:8000/test'
>>> f.clean('foo')
Traceback (most recent call last):
...
Please sign in to comment.
Something went wrong with that request. Please try again.