[Changeset] r14007 - in django/trunk: django/contrib/syndication tests/regressiontests/syndication

Fri, 08 Oct 2010 07:14:09 -0700 

Author: russellm
Date: 2010-10-08 09:14:05 -0500 (Fri, 08 Oct 2010)
New Revision: 14007

Modified:
   django/trunk/django/contrib/syndication/views.py
   django/trunk/tests/regressiontests/syndication/tests.py
Log:
Fixed #13218 -- Ensure that syndicated content served over HTTPS uses https:// 
links by default. Thanks to schaefer for the report, and Ben Firshman for the 
patch.

Modified: django/trunk/django/contrib/syndication/views.py
===================================================================
--- django/trunk/django/contrib/syndication/views.py    2010-10-08 14:13:44 UTC 
(rev 14006)
+++ django/trunk/django/contrib/syndication/views.py    2010-10-08 14:14:05 UTC 
(rev 14007)
@@ -8,13 +8,17 @@
 from django.utils.encoding import force_unicode, iri_to_uri, smart_unicode
 from django.utils.html import escape
 
-def add_domain(domain, url):
+def add_domain(domain, url, secure=False):
     if not (url.startswith('http://')
             or url.startswith('https://')
             or url.startswith('mailto:')):
         # 'url' must already be ASCII and URL-quoted, so no need for encoding
         # conversions here.
-        url = iri_to_uri(u'http://%s%s' % (domain, url))
+        if secure:
+            protocol = 'https'
+        else:
+            protocol = 'http'
+        url = iri_to_uri(u'%s://%s%s' % (protocol, domain, url))
     return url
 
 class FeedDoesNotExist(ObjectDoesNotExist):
@@ -94,7 +98,7 @@
         current_site = get_current_site(request)
 
         link = self.__get_dynamic_attr('link', obj)
-        link = add_domain(current_site.domain, link)
+        link = add_domain(current_site.domain, link, request.is_secure())
 
         feed = self.feed_type(
             title = self.__get_dynamic_attr('title', obj),
@@ -102,8 +106,11 @@
             link = link,
             description = self.__get_dynamic_attr('description', obj),
             language = settings.LANGUAGE_CODE.decode(),
-            feed_url = add_domain(current_site.domain,
-                    self.__get_dynamic_attr('feed_url', obj) or request.path),
+            feed_url = add_domain(
+                current_site.domain,
+                self.__get_dynamic_attr('feed_url', obj) or request.path,
+                request.is_secure(),
+            ),
             author_name = self.__get_dynamic_attr('author_name', obj),
             author_link = self.__get_dynamic_attr('author_link', obj),
             author_email = self.__get_dynamic_attr('author_email', obj),
@@ -137,7 +144,11 @@
                 description = description_tmp.render(RequestContext(request, 
{'obj': item, 'site': current_site}))
             else:
                 description = self.__get_dynamic_attr('item_description', item)
-            link = add_domain(current_site.domain, 
self.__get_dynamic_attr('item_link', item))
+            link = add_domain(
+                current_site.domain,
+                self.__get_dynamic_attr('item_link', item),
+                request.is_secure(),
+            )
             enc = None
             enc_url = self.__get_dynamic_attr('item_enclosure_url', item)
             if enc_url:

Modified: django/trunk/tests/regressiontests/syndication/tests.py
===================================================================
--- django/trunk/tests/regressiontests/syndication/tests.py     2010-10-08 
14:13:44 UTC (rev 14006)
+++ django/trunk/tests/regressiontests/syndication/tests.py     2010-10-08 
14:14:05 UTC (rev 14007)
@@ -236,6 +236,25 @@
             if link.getAttribute('rel') == 'self':
                 self.assertEqual(link.getAttribute('href'), 
'http://example.com/customfeedurl/')
 
+    def test_secure_urls(self):
+        """
+        Test URLs are prefixed with https:// when feed is requested over HTTPS.
+        """
+        response = self.client.get('/syndication/rss2/', **{
+            'wsgi.url_scheme': 'https',
+        })
+        doc = minidom.parseString(response.content)
+        chan = doc.getElementsByTagName('channel')[0]
+        self.assertEqual(
+            chan.getElementsByTagName('link')[0].firstChild.wholeText[0:5],
+            'https'
+        )
+        atom_link = chan.getElementsByTagName('atom:link')[0]
+        self.assertEqual(atom_link.getAttribute('href')[0:5], 'https')
+        for link in doc.getElementsByTagName('link'):
+            if link.getAttribute('rel') == 'self':
+                self.assertEqual(link.getAttribute('href')[0:5], 'https')
+
     def test_item_link_error(self):
         """
         Test that a ImproperlyConfigured is raised if no link could be found
@@ -271,6 +290,10 @@
             'http://example.com/foo/?arg=value'
         )
         self.assertEqual(
+            views.add_domain('example.com', '/foo/?arg=value', True),
+            'https://example.com/foo/?arg=value'
+        )
+        self.assertEqual(
             views.add_domain('example.com', 'http://djangoproject.com/doc/'),
             'http://djangoproject.com/doc/'
         )

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Reply via email to