
Showing content from https://github.com/django/django/commit/2a5bcb69f42b84464b24b5c835dca6467b6aa7f1 below:

[1.5.x] Fixed a remote code execution vulnerabilty in URL reversing. · django/django@2a5bcb6 · GitHub

@@ -244,6 +244,10 @@ def __init__(self, regex, urlconf_name, default_kwargs=None, app_name=None, name

244 244

self._reverse_dict = {}

245 245

self._namespace_dict = {}

246 246

self._app_dict = {}

247 +

# set of dotted paths to all functions and classes that are used in

248 +

# urlpatterns

249 +

self._callback_strs = set()

250 +

self._populated = False

247 251 248 252

def __repr__(self):

249 253

if isinstance(self.urlconf_name, list) and len(self.urlconf_name):

@@ -261,6 +265,15 @@ def _populate(self):

261 265

apps = {}

262 266

language_code = get_language()

263 267

for pattern in reversed(self.url_patterns):

268 +

if hasattr(pattern, '_callback_str'):

269 +

self._callback_strs.add(pattern._callback_str)

270 +

elif hasattr(pattern, '_callback'):

271 +

callback = pattern._callback

272 +

if not hasattr(callback, '__name__'):

273 +

lookup_str = callback.__module__ + "." + callback.__class__.__name__

274 +

else:

275 +

lookup_str = callback.__module__ + "." + callback.__name__

276 +

self._callback_strs.add(lookup_str)

264 277

p_pattern = pattern.regex.pattern

265 278

if p_pattern.startswith('^'):

266 279

p_pattern = p_pattern[1:]

@@ -281,6 +294,7 @@ def _populate(self):

281 294

namespaces[namespace] = (p_pattern + prefix, sub_pattern)

282 295

for app_name, namespace_list in pattern.app_dict.items():

283 296

apps.setdefault(app_name, []).extend(namespace_list)

297 +

self._callback_strs.update(pattern._callback_strs)

284 298

else:

285 299

bits = normalize(p_pattern)

286 300

lookups.appendlist(pattern.callback, (bits, p_pattern, pattern.default_args))

@@ -289,6 +303,7 @@ def _populate(self):

289 303

self._reverse_dict[language_code] = lookups

290 304

self._namespace_dict[language_code] = namespaces

291 305

self._app_dict[language_code] = apps

306 +

self._populated = True

292 307 293 308

@property

294 309

def reverse_dict(self):

@@ -375,8 +390,13 @@ def reverse(self, lookup_view, *args, **kwargs):

375 390

def _reverse_with_prefix(self, lookup_view, _prefix, *args, **kwargs):

376 391

if args and kwargs:

377 392

raise ValueError("Don't mix *args and **kwargs in call to reverse()!")

393 + 394 +

if not self._populated:

395 +

self._populate()

396 + 378 397

try:

379 -

lookup_view = get_callable(lookup_view, True)

398 +

if lookup_view in self._callback_strs:

399 +

lookup_view = get_callable(lookup_view, True)

380 400

except (ImportError, AttributeError) as e:

381 401

raise NoReverseMatch("Error importing '%s': %s." % (lookup_view, e))

382 402

possibilities = self.reverse_dict.getlist(lookup_view)
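Review bot: The guard `if lookup_view in self._callback_strs:` in `_reverse_with_prefix` is the security boundary of this fix, but nothing at that line says why the import is conditional, so a later cleanup could restore the unconditional `get_callable(lookup_view, True)` call. I would add a comment directly above it such as `# Only import dotted paths that the URLconf itself references; lookup_view may carry request-derived data.` Separately, `self._callback_strs.update(pattern._callback_strs)` in `_populate` reads the nested resolver's private set directly instead of through an accessor that populates it. It presumably relies on the `pattern.app_dict` access just above having populated the nested resolver, and a short comment should state that ordering dependency. Indentation is lost on this page and both functions extend beyond the hunks shown, so the branch that line sits in should be confirmed against the file.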

