Django

Code

Ticket #3421 (closed: fixed)

Opened 2 years ago

Last modified 1 year ago

URLField does not validate IP addresses, or localhost

Reported by: mirrorballu2@gmail.com Assigned to: nobody
Milestone: Component: Forms
Version: SVN Keywords: URLField
Cc: Triage Stage: Ready for checkin
Has patch: 1 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description

This URL http://127.0.0.1:8000/ doesn't validate. I think it should, because that's where Django's own server runs. Also sites can be run without a domain, only using the IP. This doesn't validate either: http://201.27.42.72/

Attachments

url_re.patch (0.5 kB) - added by madssj@gmail.com on 07/06/07 08:07:47.
url_re patch
url_re.2.patch (1.1 kB) - added by SmileyChris on 09/03/07 18:56:55.

Change History

02/17/07 04:48:04 changed by Simon G. <dev@simon.net.nz>

  • needs_better_patch changed.
  • component changed from Validators to django.newforms.
  • needs_tests changed.
  • summary changed from URLField: 127.0.0.1 URLs are invalid to URLField does not validate IP addresses, or localhost.
  • needs_docs changed.
  • stage changed from Unreviewed to Design decision needed.

I've moved this onto newforms, as this is still an issue there - e.g.: 

In [47]: f.clean('http://localhost')
...
ValidationError: [u'Enter a valid URL.']

In [48]: f.clean('http://127.0.0.1')
...
ValidationError: [u'Enter a valid URL.']

In [49]: f.clean('http://208.113.142.170')
...
ValidationError: [u'Enter a valid URL.']

Looking at the regex though, it may be more trouble than it's worth to fix this.

07/06/07 08:06:24 changed by madssj@gmail.com

  • has_patch set to 1.

Attached patch the allows ip's in the url.

07/06/07 08:07:47 changed by madssj@gmail.com

  • attachment url_re.patch added.

url_re patch

09/03/07 18:56:55 changed by SmileyChris

  • attachment url_re.2.patch added.

09/03/07 18:57:38 changed by SmileyChris

  • stage changed from Design decision needed to Ready for checkin.

(added tests in the last patch)

I don't really see a design decision required. Promoting to checkin.

09/03/07 20:38:56 changed by anonymous

Any chance this could be broken into separate options for the field before getting checked in? From a security standpoint I think it's safer to make programmers dictate they want to accept IPs and non-standard port numbers (IPs and non port 80/443 sites are very commonly used by malware/phishing sites and comment form spammers).

09/13/07 21:11:24 changed by russellm

  • status changed from new to closed.
  • resolution set to fixed.

(In [6152]) Fixed #3421 -- Added IP and localhost validation to newforms URLField. Thanks, SmileyChris?.

Add/Change #3421 (URLField does not validate IP addresses, or localhost)




Change Properties
Action