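def isSafeUrl(target):
    """Check that a redirect target stays on the host serving this request.

    The target is resolved against ``request.host_url`` and accepted only when
    the result uses http/https and has the same netloc as the current host.

    Targets containing a backslash, an ASCII control character, or leading or
    trailing whitespace are refused before parsing.  Browsers rewrite or drop
    those characters when they resolve a ``Location`` value, so the URL the
    browser follows can differ from the one ``urlparse`` inspected here.

    Args:
        target (str): URL for the target to test.

    Returns:
        bool: True if the URL is safe.
    """
    # An empty/None target is left to urljoin, which resolves it to the base.
    if target:
        if target != target.strip():
            return False
        if any(ch == '\\' or ch < ' ' or ch == '\x7f' for ch in target):
            return False

    ref_url = urlparse(request.host_url)
    test_url = urlparse(urljoin(request.host_url, target))
    return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc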
###################################################
python类host_url()的实例源码
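def is_safe_url(target):
    """Return True when ``target`` resolves to an http(s) URL on this host.

    ``target`` is joined onto ``request.host_url`` and the result must keep
    the same netloc and use the http or https scheme.

    Values carrying a backslash, an ASCII control character, or surrounding
    whitespace are rejected up front: a browser may normalise such a value to
    a different URL than the one the parser sees, so the comparison below
    would not describe where the redirect really lands.
    """
    if target:
        # Refuse input a browser would silently rewrite before following it.
        if target.strip() != target:
            return False
        for ch in target:
            if ch == '\\' or ch == '\x7f' or ch < ' ':
                return False

    ref_url = urlparse.urlparse(request.host_url)
    test_url = urlparse.urlparse(urlparse.urljoin(request.host_url, target))
    return test_url.scheme in ('http', 'https') and \
        ref_url.netloc == test_url.netloc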
def _DL(self, src, execute_in_gid, group_config_type, executor_permission, text):
    """Handle the ``DL`` command: fetch a sticker pack and reply with a summary.

    ``text`` is matched against the ``packer_factory._DL`` patterns.  Nothing
    is returned when no pattern matches.  Only the pattern at index 0 is
    implemented; any other match raises ``RegexNotImplemented``.

    On success two wrapped text messages are returned: a multi-line summary
    and a link built from the application's host URL plus the path of the
    compressed file.

    NOTE(review): the message literals appear as runs of ``?`` in this
    listing, presumably because the original non-ASCII text lost its
    encoding; they are kept exactly as shown.
    NOTE(review): the second message exposes ``compressed_file_path`` as part
    of a URL -- confirm that path only ever points inside a directory meant
    to be served publicly.
    """
    match = tool.regex_finder.find_match(packer_factory._DL, text)
    if match is None:
        return

    if match.match_at != 0:
        raise RegexNotImplemented(error.sys_command.regex_not_implemented(u'DL', match.match_at, match.regex))

    # Group 1 is the pack id taken from the user's text; group 2 is an
    # optional flag asking for sound to be included.
    package_id = match.group(1)
    including_sound = match.group(2) is not None

    try:
        sticker_meta = self._sticker_dl.get_pack_meta(package_id)
    except tool.MetaNotFoundException:
        return error.main.miscellaneous(u'???????(??ID: {})'.format(package_id))

    dl_result = self._sticker_dl.download_stickers(sticker_meta, including_sound)

    # A test request context is pushed only to read the configured host URL.
    with self._flask_app.test_request_context():
        url = request.host_url

    summary_lines = [
        u'???????????????',
        u'?????????????',
        u'LINE??????????????????????????',
        u'?????????gif???? https://ezgif.com/apng-to-gif',
        u'',
        u'??ID: {}'.format(sticker_meta.pack_id),
        u'{} (? {} ??)'.format(sticker_meta.title, sticker_meta.author),
        u'',
        u'??????: (??)',
        u'???? {:.3f} ?'.format(dl_result.downloading_consumed_time),
        u'???? {:.3f} ?'.format(dl_result.compression_consumed_time),
        u'???? {} ?'.format(dl_result.sticker_count),
    ]

    summary = u'\n'.join(summary_lines)
    file_link = url + dl_result.compressed_file_path.replace("\\", "\\\\")
    return [bot.line_api_wrapper.wrap_text_message(txt, self._webpage_generator) for txt in (summary, file_link)]
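def validate_redirect_url(url):
    """Return True when ``url`` is an acceptable same-host redirect target.

    Relative URLs (no scheme and no netloc) are accepted.  Absolute URLs are
    accepted only when they use http/https and their netloc equals the netloc
    of ``request.host_url``.

    Rejected outright:
      * ``None``, empty or whitespace-only values;
      * values with leading/trailing whitespace, a backslash or an ASCII
        control character -- browsers normalise these before following a
        redirect, so the parsed form checked here would not match the URL
        the browser resolves.
    """
    if url is None or url.strip() == '':
        return False

    # Validate the exact string the caller will redirect to, not a cleaned copy.
    if url != url.strip():
        return False
    if any(ch == '\\' or ch < ' ' or ch == '\x7f' for ch in url):
        return False

    url_next = urlsplit(url)
    url_base = urlsplit(request.host_url)

    # Same-host URLs with a non-web scheme are not useful redirect targets.
    if url_next.scheme and url_next.scheme not in ('http', 'https'):
        return False
    if (url_next.netloc or url_next.scheme) and url_next.netloc != url_base.netloc:
        return False
    return True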
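def is_safe_url(target):
    """Tell whether redirecting to ``target`` keeps the user on this host.

    The target is joined onto ``request.host_url``; it is safe when the joined
    URL uses http or https and has the same netloc as the host URL.

    A target that contains a backslash or an ASCII control character, or that
    starts or ends with whitespace, is never safe: browsers clean such values
    up before following them, so the parsed URL compared here may not be the
    URL the browser ends up requesting.

    NOTE(review): ``request.host_url`` reflects the host the client asked for;
    presumably the deployment restricts accepted Host values -- confirm.
    """
    if target:
        has_unsafe_char = any(
            ch == '\\' or ch == '\x7f' or ch < ' ' for ch in target
        )
        if has_unsafe_char or target.strip() != target:
            return False

    ref_url = urlparse(request.host_url)
    test_url = urlparse(urljoin(request.host_url, target))
    is_safe = test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc
    return is_safe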
def try_login(self, identity_url, ask_for=None, ask_for_optional=None,
              extensions=None, immediate=False):
    """Begin an OpenID login for ``identity_url`` and return a redirect.

    Must be called from the login handler.  ``ask_for`` lists profile keys
    requested as required and ``ask_for_optional`` lists keys requested as
    optional.  Accepted keys:

    ``aim``, ``blog``, ``country``, ``dob`` (date of birth), ``email``,
    ``fullname``, ``gender``, ``icq``, ``image``, ``jabber``, ``language``,
    ``msn``, ``nickname``, ``phone``, ``postcode``, ``skype``,
    ``timezone``, ``website``, ``yahoo``

    ``extensions`` may be a list of OpenID extension request instances to
    attach to the request; the matching Response classes must have been
    passed when OpenID was initialised.

    ``immediate`` asks for a checkid_immediate request, where the provider
    shows no UI.  That adds a possible response, SetupNeeded, meaning the
    provider cannot yet authorize or reject the authentication (probably the
    user needs to sign in or approve the trust root).

    If discovery fails an error is signalled and the user is redirected to
    the current URL; otherwise the user is redirected to the provider.

    NOTE(review): ``identity_url`` is typically user supplied and
    ``consumer.begin`` runs discovery on it, presumably by fetching it from
    this server -- confirm outbound requests are restricted as needed.
    """
    # NOTE(review): this listing lost its indentation; the optional-key check
    # is reconstructed as nested under the debug-only check -- confirm against
    # the original project.
    if ask_for and __debug__:
        for key in ask_for:
            if key not in ALL_KEYS:
                raise ValueError('invalid key %r' % key)
        for key in ask_for_optional or ():
            if key not in ALL_KEYS:
                raise ValueError('invalid optional key %r' % key)

    try:
        consumer = Consumer(SessionWrapper(self), self.store_factory())
        auth_request = consumer.begin(identity_url)
        if ask_for or ask_for_optional:
            self.attach_reg_info(auth_request, ask_for, ask_for_optional)
        for extension in extensions or ():
            auth_request.addExtension(extension)
    except discover.DiscoveryFailure:
        self.signal_error(u'The OpenID was invalid')
        return redirect(self.get_current_url())

    # The trust root is taken from the incoming request's own URL.
    trust_root = request.url_root if self.url_root_as_trust_root else request.host_url
    provider_url = auth_request.redirectURL(trust_root,
                                            self.get_success_url(),
                                            immediate=immediate)
    return redirect(provider_url)
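def _upload():
    """Store an uploaded file, record it for the current user, and report its URLs.

    Reads the ``files[]`` part of a POST request, saves it under a fresh
    sub-directory of ``UPLOAD_FOLDER``, creates a ``File`` row attached to
    ``g.user`` and returns a JSON description (name, URL, thumbnail URL,
    delete URL/type, uid).  A thumbnail is generated when the stored mimetype
    contains ``"image"``.

    A request without a usable filename is redirected back to the request
    URL.  That includes names that ``secure_filename`` reduces to an empty
    string: saving under an empty name would target the directory itself.

    NOTE(security): the ``allowed_file`` check is commented out, so any file
    type is written to disk; the FILETYPE_NOT_ALLOWED branch is reached only
    when the upload object is falsy.  Restore an extension/content allow-list
    before exposing this endpoint to untrusted users.
    NOTE(security): ``mimetype`` is whatever the client declared; it is stored
    and used to decide on thumbnailing without being verified here.
    """
    # Non-POST requests fall through and return None; presumably the route
    # only accepts POST -- confirm.
    if request.method == 'POST':
        upload = request.files['files[]']
        # get filename and folders
        file_name = secure_filename(upload.filename)
        directory = str(unique_id())
        upload_folder = myapp.config['UPLOAD_FOLDER']

        # secure_filename() may return '' when nothing safe remains of the
        # client-supplied name; treat that like a missing filename.
        if upload.filename == '' or not file_name:
            return redirect(request.url)

        if upload:
            # and allowed_file(upload.filename)  -- disabled, see NOTE above
            save_dir = os.path.join(upload_folder, directory)
            if not os.path.exists(save_dir):
                os.makedirs(save_dir)
            cmpl_path = os.path.join(save_dir, file_name)
            upload.save(cmpl_path)
            size = os.stat(cmpl_path).st_size

            # create our file from the model and add it to the database
            dbfile = File(file_name, directory, size, upload.mimetype)
            g.user.uploads.append(dbfile)
            db.session().add(dbfile)
            db.session().commit()

            if "image" in dbfile.mimetype:
                get_thumbnail(cmpl_path, "100")
                thumbnail_url = request.host_url + 'thumbs/' + directory
            else:
                thumbnail_url = ""

            # URLs are built from the host the client addressed.
            url = request.host_url + 'uploads/' + directory
            delete_url = url
            delete_type = "DELETE"
            file_info = {"name": file_name, "url": url, "thumbnailUrl": thumbnail_url, "deleteUrl": delete_url,
                         "deleteType": delete_type, "uid": directory}
            return jsonify(files=[file_info])
        else:
            return jsonify(files=[{"name": file_name, "error": responds['FILETYPE_NOT_ALLOWED']}])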
def try_login(self, identity_url, ask_for=None, ask_for_optional=None,
              extensions=None, immediate=False):
    """Try to log in with the given identity URL.

    Call this from the login handler only.  ``ask_for`` and
    ``ask_for_optional`` are collections of values to request from the OpenID
    provider: keys in ``ask_for`` are marked required, keys in
    ``ask_for_optional`` are marked optional.  Usable keys:

    ``aim``, ``blog``, ``country``, ``dob`` (date of birth), ``email``,
    ``fullname``, ``gender``, ``icq``, ``image``, ``jabber``, ``language``,
    ``msn``, ``nickname``, ``phone``, ``postcode``, ``skype``,
    ``timezone``, ``website``, ``yahoo``

    ``extensions`` is an optional list of OpenID extension request instances
    passed on with the request; their Response classes must have been given
    when OpenID was initialised.

    ``immediate`` requests checkid_immediate mode (no provider UI).  The
    provider may then answer SetupNeeded when it does not have enough
    information to authorize or reject the authentication.

    Returns a redirect: to the provider on success, or back to the current
    URL after signalling an error when discovery fails.

    NOTE(review): the trust root sent to the provider comes from
    ``request.url_root`` / ``request.host_url``, i.e. from the host the
    client addressed -- presumably accepted Host values are restricted by
    the deployment; confirm.
    """
    # NOTE(review): indentation is missing from this listing; nesting of the
    # optional-key validation inside the debug-only branch is an assumption.
    check_keys = ask_for and __debug__
    if check_keys:
        for required_key in ask_for:
            if required_key not in ALL_KEYS:
                raise ValueError('invalid key %r' % required_key)
        if ask_for_optional:
            for optional_key in ask_for_optional:
                if optional_key not in ALL_KEYS:
                    raise ValueError('invalid optional key %r' % optional_key)

    try:
        session = SessionWrapper(self)
        consumer = Consumer(session, self.store_factory())
        auth_request = consumer.begin(identity_url)
        wants_reg_info = ask_for or ask_for_optional
        if wants_reg_info:
            self.attach_reg_info(auth_request, ask_for, ask_for_optional)
        if extensions:
            for ext in extensions:
                auth_request.addExtension(ext)
    except discover.DiscoveryFailure:
        self.signal_error(u'The OpenID was invalid')
        return redirect(self.get_current_url())

    if not self.url_root_as_trust_root:
        trust_root = request.host_url
    else:
        trust_root = request.url_root

    return redirect(
        auth_request.redirectURL(
            trust_root,
            self.get_success_url(),
            immediate=immediate,
        )
    )
def try_login(self, identity_url, ask_for=None, ask_for_optional=None,
              extensions=None, immediate=False):
    """Kick off OpenID authentication for ``identity_url``.

    This must be invoked from the login handler.  Profile fields can be
    requested from the provider through ``ask_for`` (required) and
    ``ask_for_optional`` (optional).  Recognised field names:

    ``aim``, ``blog``, ``country``, ``dob`` (date of birth), ``email``,
    ``fullname``, ``gender``, ``icq``, ``image``, ``jabber``, ``language``,
    ``msn``, ``nickname``, ``phone``, ``postcode``, ``skype``,
    ``timezone``, ``website``, ``yahoo``

    ``extensions`` can hold OpenID extension request instances that are added
    to the outgoing request; remember to pass the corresponding Response
    classes when initialising OpenID.

    With ``immediate`` set, a checkid_immediate request is made and the
    provider shows no UI.  This introduces the SetupNeeded response: the
    server does not yet have enough information to authorize or reject the
    authentication (probably the user must sign in or approve the trust
    root).

    The return value is always a redirect response.  When discovery of the
    identity URL fails, an error is signalled through ``signal_error`` and
    the redirect points at the current URL instead of the provider.
    """
    # NOTE(review): the source listing has no indentation; the check of the
    # optional keys is assumed to sit inside the debug-only block -- verify.
    if ask_for and __debug__:
        for name in ask_for:
            if name not in ALL_KEYS:
                raise ValueError('invalid key %r' % name)
        if ask_for_optional:
            for name in ask_for_optional:
                if name not in ALL_KEYS:
                    raise ValueError('invalid optional key %r' % name)

    try:
        store = self.store_factory
        consumer = Consumer(SessionWrapper(self), store())
        # Discovery runs on the caller-supplied identity URL here.
        auth_request = consumer.begin(identity_url)
        if ask_for or ask_for_optional:
            self.attach_reg_info(auth_request, ask_for, ask_for_optional)
        if extensions:
            for extension in extensions:
                auth_request.addExtension(extension)
    except discover.DiscoveryFailure:
        self.signal_error(u'The OpenID was invalid')
        fallback = self.get_current_url()
        return redirect(fallback)

    if self.url_root_as_trust_root:
        trust_root = request.url_root
    else:
        trust_root = request.host_url

    success_url = self.get_success_url()
    target = auth_request.redirectURL(trust_root, success_url, immediate=immediate)
    return redirect(target)