Django:有没有办法知道一个url在应用程序中是否有效?
问题描述:
这是我的目标:
- 用户想登录
- 我打开一个按钮每个页面以urlback为参数,例如,如果我们在页面上
http://olivier.life/today,则登录的按钮将具有像 http://olivier.life/login?back=today - 用户登录
- 一旦用户登录,我检查
GET请求中是否有返回。如果是这样,那么我将重定向到GET
- the user wants to login
- I make a button on each page with the urlback as a parameter, for example if we are on the page
http://olivier.life/today, the button to login will have an url likehttp://olivier.life/login?back=today - the user logs in
- once the user is logged in, i check if there's a "
back" in the "GET" request. if so then I make a redirect to the url in theGET
我的url问题是一个安全问题:我只想知道 GET 中的URL是否是我的应用程序的一部分(对 urls.py 文件)。
My problem is a security problem: I just want to know if the URL in the GET is part of my application (is valid for one of the URLs in the urls.py file).
如何做?
答
使用 resolve 。有一个例子与文档中的这个用例非常接近。我想你的情况你想要的是:
Use resolve. There's an example that's very close to this use case in the docs. I think for your case you want something like:
def some_view(request):
redirect_target = request.GET.get('back')
if redirect_target:
try:
resolve_match = django.core.urlresolvers.resolve(redirect_target)
except django.core.urlresolvers.Resolver404:
# do something on bad input
else:
return django.shortcuts.redirect(redirect_target)
else:
# empty string redirect target, or not provided at all
# do something else