Opened 9 years ago

Closed 9 years ago

#26244 closed Cleanup/optimization (wontfix)

URLValidator and http/request.py use different validators

Reported by: Zach Borboa Owned by: nobody
Component: HTTP handling Version: dev
Severity: Normal Keywords:
Cc: Florian Apolloner Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The host validation patterns should probably be the same and written in a way that allows their reuse.

~ https://github.com/django/django/blob/master/django/core/validators.py#L99
~ https://github.com/django/django/blob/master/django/http/request.py#L25

Change History (5)

comment:1 by Tim Graham, 9 years ago

Component: UncategorizedHTTP handling
Type: UncategorizedCleanup/optimization

Unless there is some problem that fixing this will solve, I vote not to try to combine the two. URLValidator changes too often. If we cause some regression there, at least it's some limited compared to if we also break django.http.request.

comment:2 by Zach Borboa, 9 years ago

host_validation_re could be changed from

host_validation_re = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9:]+\])(:\d+)?$")

to something like

host_validation_re = re.compile(
        r'(?:' + ipv4_re + '|' + ipv6_re + '|' + host_re + ')'
        r'(?::\d{2,5})?'  # port
)

comment:3 by Tim Graham, 9 years ago

Cc: Florian Apolloner added

Florian, what do you think? The regular expression in request.py is a security fix from 27560924ec1e567be4727ef8d7dfc4d3879c048c.

comment:4 by Florian Apolloner, 9 years ago

I do not see big wins in changing it and am worried that it becomes a nightmare like we have with host_re. Simple & easy is preferable in those code paths imo.

comment:5 by Tim Graham, 9 years ago

Resolution: wontfix
Status: newclosed

Thanks, sounds like we're in agreement then.

Note: See TracTickets for help on using tickets.
Back to Top