0001-post-allow-using-submitted-data-in-url-substitution-.patch
combo/data/models.py | ||
---|---|---|
14 | 14 |
# You should have received a copy of the GNU Affero General Public License |
15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
16 | 16 | |
17 |
import copy |
|
17 | 18 |
import feedparser |
18 | 19 |
import hashlib |
19 | 20 |
import json |
... | ... | |
894 | 895 |
error_message = self.actions[action].get('error-message') |
895 | 896 |
logger = logging.getLogger(__name__) |
896 | 897 | |
897 |
context = RequestContext(request, {'request': request, 'synchronous': True}) |
|
898 |
try: |
|
899 |
url = utils.get_templated_url(self.actions[action]['url'], context) |
|
900 |
except utils.UnknownTemplateVariableError: |
|
901 |
logger.warning('unknown variable in URL (%s)', self.actions[action]['url']) |
|
902 |
raise PostException(error_message) |
|
903 | ||
904 | 898 |
content = {} |
905 | 899 |
for key, value in request.POST.items(): |
906 | 900 |
if key == 'action': |
907 | 901 |
continue |
908 | 902 |
content[key] = value |
909 | 903 | |
904 |
context_dict = copy.copy(content) |
|
905 |
context_dict['request'] = request |
|
906 |
context_dict['synchronous'] = True |
|
907 | ||
908 |
context = RequestContext(request, context_dict) |
|
909 |
try: |
|
910 |
url = utils.get_templated_url(self.actions[action]['url'], context) |
|
911 |
except utils.UnknownTemplateVariableError: |
|
912 |
logger.warning('unknown variable in URL (%s)', self.actions[action]['url']) |
|
913 |
raise PostException(error_message) |
|
914 | ||
910 | 915 |
json_response = utils.requests.post(url, |
911 | 916 |
headers={'Accept': 'application/json'}, |
912 | 917 |
remote_service='auto', |
tests/test_public.py | ||
---|---|---|
376 | 376 |
resp2 = resp.form.submit(headers={'x-requested-with': 'XMLHttpRequest'}) |
377 | 377 |
assert resp2.content.startswith('<form') |
378 | 378 |
assert resp2.headers['x-error-message'] == 'Failed to create stuff.' |
379 | ||
380 |
# check variable substitution in URL |
|
381 |
with mock.patch('combo.utils.requests.post') as requests_post: |
|
382 |
settings.JSON_CELL_TYPES['test-post-cell']['actions']['create'] = { |
|
383 |
'url': 'http://test-post-cell/[value]/delete'} |
|
384 |
resp2 = resp.form.submit() |
|
385 |
assert requests_post.call_args[0][0] == 'http://test-post-cell/plop/delete' |
|
379 |
- |