Opened 17 years ago
Closed 14 years ago
#5192 closed (fixed)
Flatpages should be able to handle more characters (e.g. ~)
Reported by: | Owned by: | ctrochalakis | |
---|---|---|---|
Component: | Contrib apps | Version: | dev |
Severity: | Keywords: | ||
Cc: | yatiohi@… | Triage Stage: | Ready for checkin |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
url validator is wrong and flatpages uses core.isAlphaNumericUrl in his model. expecially chars like `~' are not accepted.
Attachments (4)
Change History (24)
follow-up: 2 comment:1 by , 17 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
comment:2 by , 17 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
Replying to Simon G. <dev@simon.net.nz>:
How is the url validator wrong? is it just the flatpages app that you're having issues with? can you give some details please?
this is the re used to validate urls:
url_re = re.compile(r'^https?://\S+$')
but urls can have different schemas, addictionally urls have some restrictions for unsafe chars (rfc1738).
also working whid unquoted chars instead of quoted unsafe ones it's a good thing for url dispatch sanity.
flatpages uses the following regex to check urls:
alnumurl_re = re.compile(r'^[-\w/]+$')
so how can i use unsafe (quoted) chars like tilde `~'? in rfc2396, which revises and replaces rfc1738, adds tilde to unreserved characters "...since it is extensively used on the Internet in spite of the difficulty to transcribe it with some keyboards."
comment:3 by , 17 years ago
Component: | Validators → Contrib apps |
---|---|
Summary: | wrong url validator → Flatpages should be able to handle more characters (e.g. ~) |
Triage Stage: | Unreviewed → Accepted |
comment:4 by , 17 years ago
Has patch: | set |
---|---|
Owner: | changed from | to
Status: | reopened → new |
Simon G: Are we wanting to change the isAlphaNumericURL validator in django/core/validators.py to also accept a tilde char? If so see patch 5192a.diff... You've changed the component and summary which leads me to think that you don't want to and would rather isolate the changes to the flatpages module (although I'd argue that a url filter should allow tildes. Of course than we have to update the translations of the validation error message). If you'd rather just touch the flatpages module and not worry about the slightly misleading error message we could monkeypatch the appropriate validators re (see 5192b.diff) and call it good.
comment:5 by , 17 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
Hmm.. good question. We should probably do what the RFC's say, but that involves modifying isAlphaNumericURL into something that's isAlphaNumericURLAndSomeExtraThingsLikeTilde.
I'll offload it to one of the core developers to decide what's best :)
comment:7 by , 17 years ago
Patch needs improvement: | set |
---|---|
Triage Stage: | Ready for checkin → Accepted |
This is the wrong change: it makes the alpha-numeric regular expression match "~". The right way to change this is by modifying the url field on FlatPage itself.
comment:8 by , 17 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
Jacob, do you mean using a RegexField for example?
comment:9 by , 17 years ago
Oops, sorry for that. RegexField is newforms not models.fields!
Is the correct way creating a new validator and appending it to validator_list?
by , 17 years ago
Attachment: | 0001-contrib.flatpages-URL-can-now-contain-tilde.patch added |
---|
tilde-v1
comment:10 by , 17 years ago
Patch needs improvement: | unset |
---|
Modified the URL field on flatpage application. (tilde-v1 patch)
comment:11 by , 17 years ago
Also: attempting to add a url like /test.html as a flatpage is rejected with the following error:
- This value must contain only letters, numbers, underscores, dashes or slashes.
I suspect it is the . (period), although the lack of trailing slash might be throwing it for a loop as well?
comment:13 by , 16 years ago
Following conversation with malcolmt on IRC, leaving this alone for now and removing it from SprintIdeas as it is post-1.0.
I think the question here is how to validate the URLs entered for flatpages now that oldforms/validation isn't around anymore. It can go one of two ways:
- A simplistic regex that tries to conform to "average case" usage of flatpages, coupled with docs saying what URLs are supported in flatpages. Benefits: short(er) regex, easier to maintain, secure, and debug. Downsides: people creating flatpages in unusual locations will run into trouble.
- RFC2396-compliant regex. Benefits: flatpages can work with any valid URL, "standards compliance". Downsides: monsterously complex regex, difficult to secure, difficult to understand and maintain.
Hope this helps focus future work on this ticket!
comment:14 by , 16 years ago
milestone: | → post-1.0 |
---|
Correction, didn't remove from sprintideas, but retargeted for post-1.0 and noted as such in SprintIdeas.
comment:15 by , 16 years ago
I ran into the same problem while trying to verify my site to google's "webmaster tools". They tell you the url to create and you have to create it to prove that you control the site.
They asked for a random url ending with ".html" (google29988dbab2fb15d3.html), which generated the error noted above from flatpages.
So certainly adding "." to the legal characters sounds to me like a good and easy idea.
Or can the validation step be made optional so the user can override it?
comment:17 by , 15 years ago
It is rather old ticket and it annoys sometimes. May be we can use this way for now?
A simplistic regex that tries to conform to "average case" usage of flatpages, coupled with docs saying what URLs are supported in flatpages. Benefits: short(er) regex, easier to maintain, secure, and debug. Downsides: people creating flatpages in unusual locations will run into trouble.
Just add some common symbols ("~", ".", may be some more) to the regexp. It should be easy and should not make troubles for anybody. And someday, where it will be time, think about more powerful regexp, may be checking all RFC2396-valid URLs.
by , 15 years ago
Attachment: | 0001-add-support-for-dots-and-tildes-in-flatpages.patch added |
---|
+dots+tildes, new patch on top of trunk
comment:18 by , 15 years ago
Cc: | added |
---|
The old patch couldn't be applied anymore. Now the validation code is located in admin.py, I wrote a new patch adding support for both dots(.) and tildes(~)
comment:19 by , 15 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
comment:20 by , 14 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
How is the url validator wrong? is it just the flatpages app that you're having issues with? can you give some details please?