Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
…o that GET and POST data doesn't "overwrite" request attributes when used in templates (since dictionary lookup is performed before attribute lookup). This is backwards-incompatible if you were using the request object for dictionary access to the combined GET and POST data, but you should use `request.REQUEST` for that instead. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8202 bcc190cf-cafb-0310-a4f2-bffc1f526a37
- Loading branch information
Showing
8 changed files
with
68 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| # Models file for tests to run. |
13 changes: 13 additions & 0 deletions
13
tests/regressiontests/context_processors/templates/context_processors/request_attrs.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| {% if request %} | ||
| Have request | ||
| {% else %} | ||
| No request | ||
| {% endif %} | ||
|
|
||
| {% if request.is_secure %} | ||
| Secure | ||
| {% else %} | ||
| Not secure | ||
| {% endif %} | ||
|
|
||
| {{ request.path }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| """ | ||
| Tests for Django's bundled context processors. | ||
| """ | ||
|
|
||
| from django.conf import settings | ||
| from django.test import TestCase | ||
|
|
||
|
|
||
| class RequestContextProcessorTests(TestCase): | ||
| """ | ||
| Tests for the ``django.core.context_processors.request`` processor. | ||
| """ | ||
|
|
||
| urls = 'regressiontests.context_processors.urls' | ||
|
|
||
| def test_request_attributes(self): | ||
| """ | ||
| Test that the request object is available in the template and that its | ||
| attributes can't be overridden by GET and POST parameters (#3828). | ||
| """ | ||
| url = '/request_attrs/' | ||
| # We should have the request object in the template. | ||
| response = self.client.get(url) | ||
| self.assertContains(response, 'Have request') | ||
| # Test is_secure. | ||
| response = self.client.get(url) | ||
| self.assertContains(response, 'Not secure') | ||
| response = self.client.get(url, {'is_secure': 'blah'}) | ||
| self.assertContains(response, 'Not secure') | ||
| response = self.client.post(url, {'is_secure': 'blah'}) | ||
| self.assertContains(response, 'Not secure') | ||
| # Test path. | ||
| response = self.client.get(url) | ||
| self.assertContains(response, url) | ||
| response = self.client.get(url, {'path': '/blah/'}) | ||
| self.assertContains(response, url) | ||
| response = self.client.post(url, {'path': '/blah/'}) | ||
| self.assertContains(response, url) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| from django.conf.urls.defaults import * | ||
|
|
||
| import views | ||
|
|
||
|
|
||
| urlpatterns = patterns('', | ||
| (r'^request_attrs/$', views.request_processor), | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| from django.core import context_processors | ||
| from django.shortcuts import render_to_response | ||
| from django.template.context import RequestContext | ||
|
|
||
|
|
||
| def request_processor(request): | ||
| return render_to_response('context_processors/request_attrs.html', | ||
| RequestContext(request, {}, processors=[context_processors.request])) |