89 # list of values if present, omitting those values that are |
90 # list of values if present, omitting those values that are |
90 # out of range |
91 # out of range |
91 |
92 |
92 |
93 |
93 def isReferrerSelf(request, |
94 def isReferrerSelf(request, |
94 expected_prefix=None, suffix=None): |
95 expected_prefix=None, suffix=None, url_name=None): |
95 """Returns True if HTTP referrer path starts with the HTTP request path. |
96 """Returns True if HTTP referrer path starts with the HTTP request path. |
96 |
97 |
97 Args: |
98 Args: |
98 request: the Django HTTP request object; request.path is used if |
99 request: the Django HTTP request object; request.path is used if |
99 expected_path is not supplied (the most common usage) |
100 expected_path is not supplied (the most common usage) |
101 request.path; default is None (use request.path) |
102 request.path; default is None (use request.path) |
102 suffix: suffix to remove from the HTTP request path before comparing |
103 suffix: suffix to remove from the HTTP request path before comparing |
103 it to the HTTP referrer path in the HTTP request object headers |
104 it to the HTTP referrer path in the HTTP request object headers |
104 (this is often an link ID, for example, that may be changing from |
105 (this is often an link ID, for example, that may be changing from |
105 a POST referrer to a GET redirect target) |
106 a POST referrer to a GET redirect target) |
|
107 url_name: url name of the entity that is being created |
106 |
108 |
107 Returns: |
109 Returns: |
108 True if HTTP referrer path begins with the HTTP request path (either |
110 True if HTTP referrer path begins with the HTTP request path (either |
109 request.path or expected_prefix instead if it was supplied), after |
111 request.path or expected_prefix instead if it was supplied), after |
110 any suffix was removed from that request path |
112 any suffix was removed from that request path |
111 False otherwise |
113 False otherwise |
112 |
114 |
113 """ |
115 """ |
114 http_from = request.META.get('HTTP_REFERER') |
116 http_from = request.META.get('HTTP_REFERER') |
115 |
117 |
116 if not http_from: |
118 if not http_from: |
117 # no HTTP referrer, so cannot possibly start with expected prefix |
119 # no HTTP referrer, so cannot possibly start with expected prefix |
118 return False |
120 return False |
119 |
121 |
|
122 http_host = 'http://%s/%s' %(os.environ['HTTP_HOST'],url_name) |
|
123 |
|
124 if http_from.startswith(http_host): |
|
125 return True |
|
126 |
120 from_path = urlparse.urlparse(http_from).path |
127 from_path = urlparse.urlparse(http_from).path |
121 |
128 |
122 if not expected_prefix: |
129 if not expected_prefix: |
123 # use HTTP request path, since expected_prefix was not supplied |
130 # use HTTP request path, since expected_prefix was not supplied |
124 expected_prefix = request.path |
131 expected_prefix = request.path |
125 |
132 |
126 if suffix: |
133 if suffix: |
133 expected_prefix = expected_prefix[:-chars_to_remove] |
140 expected_prefix = expected_prefix[:-chars_to_remove] |
134 |
141 |
135 if not from_path.startswith(expected_prefix): |
142 if not from_path.startswith(expected_prefix): |
136 # expected prefix did not match first part of HTTP referrer path |
143 # expected prefix did not match first part of HTTP referrer path |
137 return False |
144 return False |
138 |
145 |
139 # HTTP referrer started with (possibly truncated) expected prefix |
146 # HTTP referrer started with (possibly truncated) expected prefix |
140 return True |
147 return True |
141 |
148 |
142 |
149 |
143 def replaceSuffix(path, old_suffix, new_suffix=None, params=None): |
150 def replaceSuffix(path, old_suffix, new_suffix=None, params=None): |