def redirect_to_context(node_id):
    """Redirect the client to the page on which the node is shown.

    The target is computed by url_for_node(); per the original description:
    Comment: the URL of whatever the comment is attached to, plus '#node_id'
        (not appended when that URL already contains '#').
    Post: the main or project-specific blog post.
    Other: project.url + '#node_id'.

    Raises werkzeug's NotFound when node_id is still the unfilled
    '{{objectid}}' template placeholder, or when url_for_node() rejects it
    with ValueError.
    """
    placeholder_left_in = node_id.lower() == '{{objectid}}'
    if placeholder_left_in:
        # request.url and the Referer header are logged only so the page that
        # produced the broken link can be located; they are never redirected to.
        log.warning("JavaScript should have filled in the ObjectID placeholder, but didn't. "
                    "URL=%s and referrer=%s",
                    request.url, request.referrer)
        raise wz_exceptions.NotFound('Invalid ObjectID')

    try:
        target = url_for_node(node_id)
    except ValueError as err:
        log.warning("%s: URL=%s and referrer=%s",
                    str(err), request.url, request.referrer)
        raise wz_exceptions.NotFound('Invalid ObjectID')
    else:
        return redirect(target)
python类referrer()的实例源码
def authorize_view(self):
    """Flask view that starts the authorization flow.

    Builds a flow from the query string and redirects the user to the
    OAuth2 provider's authorization URL.
    """
    params = request.args.to_dict()
    # Scopes are passed as multiple query args and to_dict() keeps only one
    # of them, so getlist() is used to collect every scope.
    params['scopes'] = request.args.getlist('scopes')

    # NOTE(review): return_url comes from the query string or, failing that,
    # from the Referer header; both are supplied by the client. Confirm that
    # whatever later redirects to it restricts the target to this site.
    return_url = params.pop('return_url', None)
    if return_url is None:
        return_url = request.referrer or '/'

    # NOTE(review): every remaining query parameter is forwarded as a keyword
    # argument; confirm _make_flow() ignores or allow-lists unexpected keys.
    return redirect(
        self._make_flow(return_url=return_url, **params).step1_get_authorize_url())
def protect(self):
    """Check the CSRF token of the current request and, on HTTPS, its Referer.

    Requests whose method is not listed in WTF_CSRF_METHODS are skipped.
    Otherwise the token from _get_csrf_token() must pass validate_csrf().
    When the request is secure and WTF_CSRF_SSL_STRICT is set, a Referer
    header must be present and same-origin with https://<request.host>/.
    Every failure returns self._error_response(reason); on success
    request.csrf_valid is set to True.
    """
    config = self._app.config
    if request.method not in config['WTF_CSRF_METHODS']:
        return None

    token = self._get_csrf_token()
    if not validate_csrf(token):
        return self._error_response('CSRF token missing or incorrect.')

    if request.is_secure and config['WTF_CSRF_SSL_STRICT']:
        referrer = request.referrer
        if not referrer:
            return self._error_response('Referrer checking failed - no Referrer.')

        # NOTE(review): the expected origin is built from request.host, which
        # is taken from the request itself; confirm the deployment restricts
        # the Host values it accepts.
        expected_origin = 'https://%s/' % request.host
        if not same_origin(referrer, expected_origin):
            return self._error_response(
                'Referrer checking failed - origin does not match.')

    request.csrf_valid = True  # mark this request as CSRF-valid
def set_language(language):
    """
    Activate a new interface language for the current visitor.

    The choice is always kept in the session; it is also written to the
    database when the user is logged in.

    :param language: the new language, one of "de" or "en"
    :return: redirect to the referrer, or to mod_index.index without one;
        aborts with 404 for any other language value
    """
    if language not in ("de", "en"):
        return abort(404)

    # only logged-in users have a row to store the language in
    if current_user.is_authenticated:
        current_user.language = language
        db.session.commit()
    session["language"] = language

    # NOTE(review): the Referer header is supplied by the client and is not
    # checked against this site's host before being used as the redirect target.
    came_from = request.referrer
    return redirect(came_from or url_for("mod_index.index"))
def protect(self):
    """Check the CSRF token of the current request and, on HTTPS, its Referer.

    Requests whose method is not listed in WTF_CSRF_METHODS are skipped.
    Otherwise the token from _get_csrf_token() must pass validate_csrf().
    When the request is secure and WTF_CSRF_SSL_STRICT is set, a Referer
    header must be present and same-origin with https://<request.host>/.
    Every failure returns self._error_response(reason); on success
    request.csrf_valid is set to True.
    """
    config = self._app.config
    if request.method not in config['WTF_CSRF_METHODS']:
        return None

    token = self._get_csrf_token()
    if not validate_csrf(token):
        return self._error_response('CSRF token missing or incorrect.')

    if request.is_secure and config['WTF_CSRF_SSL_STRICT']:
        referrer = request.referrer
        if not referrer:
            return self._error_response('Referrer checking failed - no Referrer.')

        # NOTE(review): the expected origin is built from request.host, which
        # is taken from the request itself; confirm the deployment restricts
        # the Host values it accepts.
        expected_origin = 'https://%s/' % request.host
        if not same_origin(referrer, expected_origin):
            return self._error_response(
                'Referrer checking failed - origin does not match.')

    request.csrf_valid = True  # mark this request as CSRF-valid
def protect(self):
    """Check the CSRF token of the current request and, on HTTPS, its Referer.

    Requests whose method is not listed in WTF_CSRF_METHODS are skipped.
    A ValidationError from validate_csrf() is logged and handed to
    self._error_response(). When the request is secure and
    WTF_CSRF_SSL_STRICT is set, the Referer header must be present and
    same-origin with https://<request.host>/. On success g.csrf_valid is
    set to True.
    """
    # NOTE(review): none of the _error_response() calls below is followed by
    # a return, so this method depends on _error_response() raising. If it
    # ever returned normally, execution would fall through and the request
    # would be marked valid; confirm against its definition.
    settings = current_app.config
    if request.method not in settings['WTF_CSRF_METHODS']:
        return None

    try:
        validate_csrf(self._get_csrf_token())
    except ValidationError as err:
        message = err.args[0]
        logger.info(message)
        self._error_response(message)

    if request.is_secure and settings['WTF_CSRF_SSL_STRICT']:
        referrer = request.referrer
        if not referrer:
            self._error_response('The referrer header is missing.')

        expected_origin = 'https://{0}/'.format(request.host)
        if not same_origin(referrer, expected_origin):
            self._error_response('The referrer does not match the host.')

    g.csrf_valid = True  # mark this request as CSRF valid
def authorize_view(self):
    """Flask view that starts the authorization flow.

    Builds a flow from the query string and redirects the user to the
    OAuth2 provider's authorization URL.
    """
    params = request.args.to_dict()
    # Scopes are passed as multiple query args and to_dict() keeps only one
    # of them, so getlist() is used to collect every scope.
    params['scopes'] = request.args.getlist('scopes')

    # NOTE(review): return_url comes from the query string or, failing that,
    # from the Referer header; both are supplied by the client. Confirm that
    # whatever later redirects to it restricts the target to this site.
    return_url = params.pop('return_url', None)
    if return_url is None:
        return_url = request.referrer or '/'

    # NOTE(review): every remaining query parameter is forwarded as a keyword
    # argument; confirm _make_flow() ignores or allow-lists unexpected keys.
    return redirect(
        self._make_flow(return_url=return_url, **params).step1_get_authorize_url())
def protect(self):
    """Check the CSRF token of the current request and, on HTTPS, its Referer.

    Requests whose method is not listed in WTF_CSRF_METHODS are skipped.
    Otherwise the token from _get_csrf_token() must pass validate_csrf().
    When the request is secure and WTF_CSRF_SSL_STRICT is set, a Referer
    header must be present and same-origin with https://<request.host>/.
    Every failure returns self._error_response(reason); on success
    request.csrf_valid is set to True.
    """
    config = self._app.config
    if request.method not in config['WTF_CSRF_METHODS']:
        return None

    token = self._get_csrf_token()
    if not validate_csrf(token):
        return self._error_response('CSRF token missing or incorrect.')

    if request.is_secure and config['WTF_CSRF_SSL_STRICT']:
        referrer = request.referrer
        if not referrer:
            return self._error_response('Referrer checking failed - no Referrer.')

        # NOTE(review): the expected origin is built from request.host, which
        # is taken from the request itself; confirm the deployment restricts
        # the Host values it accepts.
        expected_origin = 'https://%s/' % request.host
        if not same_origin(referrer, expected_origin):
            return self._error_response(
                'Referrer checking failed - origin does not match.')

    request.csrf_valid = True  # mark this request as CSRF-valid
def protect(self):
    """Check the CSRF token of the current request and, on HTTPS, its Referer.

    Requests whose method is not listed in WTF_CSRF_METHODS are skipped.
    Otherwise the token from _get_csrf_token() must pass validate_csrf().
    When the request is secure and WTF_CSRF_SSL_STRICT is set, a Referer
    header must be present and same-origin with https://<request.host>/.
    Every failure returns self._error_response(reason); on success
    request.csrf_valid is set to True.
    """
    config = self._app.config
    if request.method not in config['WTF_CSRF_METHODS']:
        return None

    token = self._get_csrf_token()
    if not validate_csrf(token):
        return self._error_response('CSRF token missing or incorrect.')

    if request.is_secure and config['WTF_CSRF_SSL_STRICT']:
        referrer = request.referrer
        if not referrer:
            return self._error_response('Referrer checking failed - no Referrer.')

        # NOTE(review): the expected origin is built from request.host, which
        # is taken from the request itself; confirm the deployment restricts
        # the Host values it accepts.
        expected_origin = 'https://%s/' % request.host
        if not same_origin(referrer, expected_origin):
            return self._error_response(
                'Referrer checking failed - origin does not match.')

    request.csrf_valid = True  # mark this request as CSRF-valid
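def telemetry(function):
    """Decorator that saves a Telemetry record before each call to *function*.

    The record holds the request's Referer header, the MD5 hex digest of the
    client address and the current time. The wrapped callable's result is
    returned unchanged.
    """
    # Imported locally because the file's import block is not visible here.
    import functools

    # functools.wraps keeps the wrapped callable's __name__ and docstring.
    # Without it every decorated function is named '_wrapper', which makes
    # name-based registration (such as Flask endpoints) and logs ambiguous.
    @functools.wraps(function)
    def _wrapper(*args, **kwargs):
        # NOTE(review): an unsalted MD5 of an IP address can be reversed by
        # enumerating the address space, so the stored value should be
        # handled as personal data rather than as an anonymised one. A keyed
        # hash (hmac with a server-side secret) would resist that.
        # NOTE(review): md5() needs bytes on Python 3 and remote_addr may be
        # None; confirm the runtime and the proxy setup.
        # NOTE(review): the Referer is client-supplied and can carry query
        # strings of the previous page; confirm what is acceptable to store.
        record = Telemetry(referrer=request.referrer,
                           ip=md5(request.remote_addr).hexdigest(),
                           creation_date=datetime.now())
        save(record)
        return function(*args, **kwargs)
    return _wrapper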
def login_form():
    """Render the admin login page, passing the Referer header as ``next``."""
    # NOTE(review): the Referer is supplied by the client. If the template or
    # the login handler later redirects to ``next``, it should first be
    # checked to point at this site.
    came_from = request.referrer
    return render_template("admin/user_login.html", next=came_from)
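def redirect_url(default='index'):
    """Return the URL to send the client back to.

    Preference order: the ``next`` query parameter, then the Referer header,
    then the URL of the *default* endpoint.

    The original passed the string literal 'default' to url_for(), so the
    *default* parameter was ignored and the fallback looked up an endpoint
    literally named "default".
    """
    # NOTE(review): both ``next`` and the Referer are supplied by the client
    # and are returned without any host check. Callers that pass the result
    # to redirect() should validate it first (same host, http/https only).
    return request.args.get('next') or request.referrer or url_for(default)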
def facebook_login():
    """Start the Facebook login, asking to be called back on this site."""
    # NOTE(review): the Referer header is client-supplied and is embedded as
    # ``next`` in the callback URL; the 'main.facebook_authorized' handler
    # should validate it before redirecting to it.
    callback_url = url_for('main.facebook_authorized',
                           next=request.referrer or None,
                           _external=True)
    return facebook.authorize(callback=callback_url)
def twitter_login():
    """Start the Twitter login, asking to be called back on this site."""
    # NOTE(review): the Referer header is client-supplied and is embedded as
    # ``next`` in the callback URL; the 'main.twitter_authorized' handler
    # should validate it before redirecting to it.
    callback_url = url_for('main.twitter_authorized',
                           next=request.referrer or None,
                           _external=True)
    return twitter.authorize(callback=callback_url)
def get_safe_redirect():
    """Return a redirect target that passed is_safe_redirect_url(), else '/'.

    The ``next`` query parameter is tried first, then the Referer header.
    Background:
    https://security.openstack.org/guidelines/dg_avoid-unvalidated-redirects.html
    """  # noqa
    # Both candidates are client-supplied, so each one has to pass the same
    # check before it is returned.
    for candidate in (request.args.get('next'), request.referrer):
        if candidate and is_safe_redirect_url(candidate):
            return candidate
    return '/'
def order_app(billing_driver, template_id, plan_id):
    """Order a predefined app for the given plan through the billing driver.

    The template filled in with the request parameters is first passed to
    start_pod_from_yaml() with dry_run=True; the YAML form of the same
    template is then sent to billing_driver.orderapp() together with the
    package id and the request's Referer header.
    """
    params = KubeUtils._get_params()
    predefined_app = PredefinedApp.get(template_id)

    # Runs before anything is sent to billing.
    start_pod_from_yaml(
        predefined_app.get_filled_template_for_plan(plan_id, params),
        dry_run=True)

    yaml_text = predefined_app.get_filled_template_for_plan(
        plan_id, params, as_yaml=True)
    package_id = predefined_app._get_package().id

    # NOTE(review): the Referer is client-supplied; confirm the billing side
    # treats ``referer`` as untrusted, for instance if it redirects to it.
    return billing_driver.orderapp(pkgid=package_id, yaml=yaml_text,
                                   referer=request.referrer)
def get_next_url(self):
    """Return the URL to redirect to; the result is always a usable URL.

    Candidates are tried in order and each one is filtered through
    check_safe_root(): the ``next`` request value, the Referer header, then
    the fallback endpoint's URL when one is configured. When none passes,
    request.url_root is returned.
    """
    target = self.check_safe_root(request.values.get('next'))
    if target:
        return target

    target = self.check_safe_root(request.referrer)
    if target:
        return target

    if self.fallback_endpoint:
        target = self.check_safe_root(url_for(self.fallback_endpoint))
        if target:
            return target

    return request.url_root
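def _change_password():
    """Handle the change-password form and send the user back.

    The submitted current password is checked against the stored hash; when
    it matches and valid_new_password() accepts the new password and its
    confirmation, the password is changed. The outcome is reported through
    flash().

    Returns a redirect to the Referer, or to '/' when the request has none.
    """
    current = request.form.get('current_password', '')
    new = request.form.get('new_password', '')
    confirm = request.form.get('confirm_password', '')

    if not check_password_hash(current_user['pwd_hash'], current):
        flash('Current password is invalid', 'danger')
    elif valid_new_password(new, confirm):
        change_password(current_user, new)
        flash('Password was successfully changed.', 'success')

    # The Referer header is optional (privacy settings and Referrer-Policy
    # can strip it), which left redirect() without a target. Fall back to the
    # site root.
    # NOTE(review): the Referer is client-supplied and is not checked against
    # this site's host before being used as the redirect target.
    return redirect(request.referrer or '/')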
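def remove_group(self, id):
    """Remove a group from one of the current user's files.

    The file is looked up among current_user.files (404 when absent). A
    group listed in the file's owners is not removed; a message is flashed
    instead.

    Returns a redirect to the Referer, or to '/' when the request has none.
    """
    f = File(get_or_404(current_user.files, _id=id))
    group = request.form.get('group')

    if group in f['owners']:
        flash('This group submitted this file themselves. You cannot neuralize them.', 'danger')
    else:
        f.remove_group(group)

    # The Referer header is optional, which left redirect() without a target;
    # fall back to the site root.
    # NOTE(review): the Referer is client-supplied and is not checked against
    # this site's host before being used as the redirect target.
    return redirect(request.referrer or '/')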
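def add_group(self, id):
    """Add a group to one of the current user's files.

    The file is looked up among current_user.files (404 when absent) and
    the ``group`` form value is added to it.

    Returns a redirect to the Referer, or to '/' when the request has none.
    """
    f = File(get_or_404(current_user.files, _id=id))
    # NOTE(review): ``group`` is None when the form field is missing and is
    # passed on as-is; confirm add_groups() rejects it.
    group = request.form.get('group')
    f.add_groups([group])

    # The Referer header is optional, which left redirect() without a target;
    # fall back to the site root.
    # NOTE(review): the Referer is client-supplied and is not checked against
    # this site's host before being used as the redirect target.
    return redirect(request.referrer or '/')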