mirror of
https://github.com/DarrenOfficial/dpaste.git
synced 2024-11-23 03:46:37 +11:00
API Escape (#241)
* chore: add pycaches to gitignore * fix: correct escaping of api responses The API did not respond as intended. :D Co-authored-by: <Brian Ferri brian.ferri19@gmail.com>
parent
288e9236d0
commit
ef1a5da22a
2 changed files with 5 additions and 6 deletions
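--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ dpaste/static/
 dpaste.egg-info
 dpaste.sqlite
 node_modules
+**/__pycache__/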
|
@ -13,6 +13,7 @@ from django.http import (
|
||||||
from django.shortcuts import get_object_or_404, render
|
from django.shortcuts import get_object_or_404, render
|
||||||
from django.urls import reverse
|
from django.urls import reverse
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
|
from django.utils.html import escape
|
||||||
from django.utils.cache import add_never_cache_headers, patch_cache_control
|
from django.utils.cache import add_never_cache_headers, patch_cache_control
|
||||||
from django.utils.translation import gettext
|
from django.utils.translation import gettext
|
||||||
from django.views.generic import FormView
|
from django.views.generic import FormView
|
||||||
|
@ -290,8 +291,7 @@ class APIView(View):
|
||||||
# A lexer is given, check if its valid at all
|
# A lexer is given, check if its valid at all
|
||||||
if lexer and lexer not in highlight.LEXER_KEYS:
|
if lexer and lexer not in highlight.LEXER_KEYS:
|
||||||
return HttpResponseBadRequest(
|
return HttpResponseBadRequest(
|
||||||
'Invalid lexer "%s" given. Valid lexers are: %s'
|
f'Invalid lexer choice "{escape(lexer)}" given. Valid lexer values are: {", ".join(highlight.LEXER_KEYS)}'
|
||||||
% (lexer, ", ".join(highlight.LEXER_KEYS))
|
|
||||||
)
|
)
|
||||||
|
|
||||||
# No lexer is given, but we have a filename, try to get the lexer
|
# No lexer is given, but we have a filename, try to get the lexer
|
||||||
|
@ -308,9 +308,7 @@ class APIView(View):
|
||||||
expire_options = [str(i) for i in dict(config.EXPIRE_CHOICES)]
|
expire_options = [str(i) for i in dict(config.EXPIRE_CHOICES)]
|
||||||
if expires not in expire_options:
|
if expires not in expire_options:
|
||||||
return HttpResponseBadRequest(
|
return HttpResponseBadRequest(
|
||||||
'Invalid expire choice "{}" given. Valid values are: {}'.format(
|
f'Invalid expire choice "{escape(expires)}" given. Valid expire values are: {", ".join(expire_options)}'
|
||||||
expires, ", ".join(expire_options)
|
|
||||||
)
|
|
||||||
)
|
)
|
||||||
expires, expire_type = get_expire_values(expires)
|
expires, expire_type = get_expire_values(expires)
|
||||||
else:
|
else:
|
||||||
|
@ -352,4 +350,4 @@ def handler500(request, template_name="dpaste/500.html"):
|
||||||
context.update(config.extra_template_context)
|
context.update(config.extra_template_context)
|
||||||
response = render(request, template_name, context, status=500)
|
response = render(request, template_name, context, status=500)
|
||||||
add_never_cache_headers(response)
|
add_never_cache_headers(response)
|
||||||
return response
|
return response
|
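Review bot: Both rewritten error responses in APIView (the invalid-lexer and invalid-expires branches) still call `HttpResponseBadRequest(...)` with no `content_type`, so the body goes out under Django's default HTML content type and `escape()` is the only thing keeping the echoed request value from being rendered as markup. These are plain-text API errors, so I would also pass `content_type="text/plain; charset=utf-8"` to both calls, which keeps a browser from interpreting the body as HTML even if a later edit drops the escaping. The commit touches only .gitignore and this file, so nothing pins the fix; a test that posts a lexer and an expires value containing markup characters and asserts the raw value is absent from the 400 body would cover it. The enclosing method starts and ends outside these hunks, so any other branch that echoes request data could not be checked here.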