View Raw mode can be disabled

This commit is contained in:
Martin Mahner 2019-05-16 09:33:29 +02:00
parent 7eb6543d8b
commit 0aef364f2a
4 changed files with 20 additions and 3 deletions

View file

@ -9,6 +9,7 @@ Changelog
- Right-to-left support for text snippets. - Right-to-left support for text snippets.
- dart-sass is now used for SASS compilation. - dart-sass is now used for SASS compilation.
- Updated lexer list. - Updated lexer list.
- "View Raw" feature can be disabled in app config to hinder abuse.
.. _black: https://github.com/ambv/black .. _black: https://github.com/ambv/black

View file

@ -74,6 +74,9 @@ class dpasteAppConfig(AppConfig):
# is from another user. # is from another user.
ONETIME_LIMIT = 2 ONETIME_LIMIT = 2
# Disable "view Raw" mode.
RAW_MODE_ENABLED = True
# Lexers which have wordwrap enabled by default # Lexers which have wordwrap enabled by default
LEXER_WORDWRAP = ('rst',) LEXER_WORDWRAP = ('rst',)

View file

@ -33,7 +33,7 @@
<li> <li>
<a href="#delete">{% trans "Delete Now" %}</a> <a href="#delete">{% trans "Delete Now" %}</a>
</li> </li>
{% if snippet.expire_type != 3 %} {% if raw_mode and snippet.expire_type != 3 %}
<li><a href="{% url "snippet_details_raw" snippet.secret_id %}">{% trans "View Raw" %}</a></li> <li><a href="{% url "snippet_details_raw" snippet.secret_id %}">{% trans "View Raw" %}</a></li>
{% endif %} {% endif %}
{% if snippet.lexer != 'text' %} {% if snippet.lexer != 'text' %}

View file

@ -3,8 +3,13 @@ import difflib
import json import json
from django.apps import apps from django.apps import apps
from django.http import (Http404, HttpResponse, HttpResponseBadRequest, from django.http import (
HttpResponseRedirect) Http404,
HttpResponse,
HttpResponseBadRequest,
HttpResponseRedirect,
HttpResponseForbidden,
)
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from django.urls import reverse from django.urls import reverse
from django.utils.translation import ugettext from django.utils.translation import ugettext
@ -136,6 +141,7 @@ class SnippetDetailView(SnippetView, DetailView):
{ {
'wordwrap': self.object.lexer in highlight.LEXER_WORDWRAP, 'wordwrap': self.object.lexer in highlight.LEXER_WORDWRAP,
'diff': self.get_snippet_diff(), 'diff': self.get_snippet_diff(),
'raw_mode': config.RAW_MODE_ENABLED,
} }
) )
return ctx return ctx
@ -146,6 +152,13 @@ class SnippetRawView(SnippetDetailView):
Display the raw content of a snippet Display the raw content of a snippet
""" """
def dispatch(self, request, *args, **kwargs):
if not config.RAW_MODE_ENABLED:
return HttpResponseForbidden(
'This dpaste installation has Raw view mode disabled.'
)
return super(SnippetRawView, self).dispatch(request, *args, **kwargs)
def render_to_response(self, context, **response_kwargs): def render_to_response(self, context, **response_kwargs):
snippet = self.get_object() snippet = self.get_object()
response = HttpResponse(snippet.content) response = HttpResponse(snippet.content)