|
| 1 | +"""test of views for Django 1.x""" |
| 2 | +from django.conf.urls import patterns, url |
| 3 | +from django.http.response import HttpResponse |
| 4 | +from django.views.generic import View |
| 5 | + |
| 6 | + |
| 7 | +def url_match_xss(request, foo, bar, no_taint=None): |
| 8 | + return HttpResponse('url_match_xss: {} {}'.format(foo, bar)) |
| 9 | + |
| 10 | + |
| 11 | +def get_params_xss(request): |
| 12 | + return HttpResponse(request.GET.get("untrusted")) |
| 13 | + |
| 14 | + |
| 15 | +def post_params_xss(request): |
| 16 | + return HttpResponse(request.POST.get("untrusted")) |
| 17 | + |
| 18 | + |
| 19 | +def http_resp_write(request): |
| 20 | + rsp = HttpResponse() |
| 21 | + rsp.write(request.GET.get("untrusted")) |
| 22 | + return rsp |
| 23 | + |
| 24 | + |
| 25 | +class Foo(object): |
| 26 | + # Note: since Foo is used as the super type in a class view, it will be able to handle requests. |
| 27 | + |
| 28 | + |
| 29 | + def post(self, request, untrusted): |
| 30 | + return HttpResponse('Foo post: {}'.format(untrusted)) |
| 31 | + |
| 32 | + |
| 33 | +class ClassView(View, Foo): |
| 34 | + |
| 35 | + def get(self, request, untrusted): |
| 36 | + return HttpResponse('ClassView get: {}'.format(untrusted)) |
| 37 | + |
| 38 | + |
| 39 | +def show_articles(request, page_number=1): |
| 40 | + page_number = int(page_number) |
| 41 | + return HttpResponse('articles page: {}'.format(page_number)) |
| 42 | + |
| 43 | + |
| 44 | +def xxs_positional_arg(request, arg0, arg1, no_taint=None): |
| 45 | + return HttpResponse('xxs_positional_arg: {} {}'.format(arg0, arg1)) |
| 46 | + |
| 47 | + |
| 48 | +urlpatterns = [ |
| 49 | + url(r'^url_match/(?P<foo>[^/]+)/(?P<bar>[^/]+)$', url_match_xss), |
| 50 | + url(r'^get_params$', get_params_xss), |
| 51 | + url(r'^post_params$', post_params_xss), |
| 52 | + url(r'^http_resp_write$', http_resp_write), |
| 53 | + url(r'^class_view/(?P<untrusted>.+)$', ClassView.as_view()), |
| 54 | + |
| 55 | + # one pattern to support `articles/page-<n>` and ensuring that articles/ goes to page-1 |
| 56 | + url(r'articles/^(?:page-(?P<page_number>\d+)/)?$', show_articles), |
| 57 | + # passing as positional argument is not the recommended way of doing things, but it is certainly |
| 58 | + # possible |
| 59 | + url(r'^([^/]+)/(?:foo|bar)/([^/]+)$', xxs_positional_arg, name='xxs_positional_arg'), |
| 60 | +] |
| 61 | + |
| 62 | +################################################################################ |
| 63 | +# Using patterns() for routing |
| 64 | + |
| 65 | +def show_user(request, username): |
| 66 | + return HttpResponse('show_user {}'.format(username)) |
| 67 | + |
| 68 | + |
| 69 | +urlpatterns = patterns(url(r'^users/(?P<username>[^/]+)$', show_user)) |
| 70 | + |
| 71 | +################################################################################ |
| 72 | +# Show we understand the keyword arguments to django.conf.urls.url |
| 73 | + |
| 74 | +def kw_args(request): |
| 75 | + return HttpResponse('kw_args') |
| 76 | + |
| 77 | +urlpatterns = [ |
| 78 | + url(view=kw_args, regex=r'^kw_args$') |
| 79 | +] |
0 commit comments