Opened 8 years ago
Closed 8 years ago
#26244 closed Cleanup/optimization (wontfix)
URLValidator and http/request.py use different validators
| Reported by: | Zach Borboa | Owned by: | nobody |
|---|---|---|---|
| Component: | HTTP handling | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Florian Apolloner | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The host validation patterns should probably be the same and written in a way that allows their reuse.
~ https://github.com/django/django/blob/master/django/core/validators.py#L99
~ https://github.com/django/django/blob/master/django/http/request.py#L25
Change History (5)
comment:1 by , 8 years ago
| Component: | Uncategorized → HTTP handling |
|---|---|
| Type: | Uncategorized → Cleanup/optimization |
comment:2 by , 8 years ago
host_validation_re could be changed from
host_validation_re = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9:]+\])(:\d+)?$")
to something like
host_validation_re = re.compile( r'(?:' + ipv4_re + '|' + ipv6_re + '|' + host_re + ')' r'(?::\d{2,5})?' # port )
comment:3 by , 8 years ago
| Cc: | added |
|---|
Florian, what do you think? The regular expression in request.py is a security fix from 27560924ec1e567be4727ef8d7dfc4d3879c048c.
comment:4 by , 8 years ago
I do not see big wins in changing it and am worried that it becomes a nightmare like we have with host_re. Simple & easy is preferable in those code paths imo.
comment:5 by , 8 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Thanks, sounds like we're in agreement then.
Note:
See TracTickets
for help on using tickets.
Unless there is some problem that fixing this will solve, I vote not to try to combine the two.
URLValidatorchanges too often. If we cause some regression there, at least it's some limited compared to if we also breakdjango.http.request.