Comments (6)
For some reason this field is missing.
We set the "referrer" value when we initialise the form.
See https://github.com/mishbahr/djangocms-forms/blob/master/djangocms_forms/cms_plugins.py#L123
So it should be rendered as a hidden form input in the template.
Can you tell me a scenario where this will not be the case?
from djangocms-forms.
We can't depend on HTTP_REFERER, but we can always try to get HTTP_REFERER and fall back to the root URL, i.e. /:
    form.redirect_url
    or form.cleaned_data.get('referrer', None)
    or self.request.META.get('HTTP_REFERER', '/')
Requests to '/forms/submit/' can be made not only by the plugin but also by some bots or vulnerability scanners.
We need to be exception safe and never return error 500, because this can lead to mail flood (if the mail_admins error handler is used).
I prepared a patch in #40 which also adds another level of security by validating the URL with django.utils.http.is_safe_url.
@mishbahr
Even after my patch there is another way of forcing error 500 with a bad referrer value. I was wondering if it will be a good idea to make some validation in the form itself in the clean_referrer method.
I can prepare a patch but I first wanted to ask you for more context before I start implementing anything.
By definition the value in the referrer field will always be an absolute URL without domain (always starts with /) and never will be some "random" text that will describe the form (for example "Contact form" or something)?
If we assume that these are the restrictions then I can make the necessary modifications and create another PR.
P.S. Is there a need to open another issue or you can reopen this one?
Can you give me examples of scenario where you are still getting a 500 error?
If the referrer value is some string without any / in it, then Django will think that this is a named URL and will try to resolve it when calling redirect(redirect_url). If there is no such named URL defined in urls.py then it will raise a NoReverseMatch exception.
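As an added example, not code from djangocms-forms or from PR #40, here is the validation the thread is converging on, written in plain Python without Django so it runs stand-alone: looks_like_url_name restates the resolve_url() rule that hands a bare word to reverse(), safe_referrer is the check a clean_referrer method (or the submit view) could apply, and pick_redirect_url is the fallback chain quoted above with every candidate validated. The function names, the allowed_hosts parameter (standing in for ALLOWED_HOSTS) and the sample values are my assumptions.

```python
from urllib.parse import urlsplit

ROOT_URL = '/'  # the fallback the thread settles on


def looks_like_url_name(value):
    """Stand-in for the rule Django's resolve_url() applies (assumption, restated
    here without Django): a string containing neither '/' nor '.' is handed to
    reverse() as a URL pattern name, and an unknown name raises NoReverseMatch,
    which is the 500 described in the thread."""
    return '/' not in value and '.' not in value


def safe_referrer(value, allowed_hosts=()):
    """Return a target that is safe to hand to redirect(), else ROOT_URL.

    Accepts a same-site path (starts with exactly one '/') or an absolute
    http(s) URL whose host is in allowed_hosts (stands in for ALLOWED_HOSTS).
    Everything else falls back to ROOT_URL instead of raising: empty values,
    bare words that would hit reverse(), scheme-relative '//evil.example',
    'javascript:' and other schemes, and control characters or backslashes
    that browsers may reinterpret.
    """
    if not isinstance(value, str) or not value.strip():
        return ROOT_URL
    value = value.strip()
    if any(c in value for c in '\r\n\t\\') or value.startswith('//'):
        return ROOT_URL
    if looks_like_url_name(value):
        return ROOT_URL
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        if parts.scheme in ('http', 'https') and parts.netloc in allowed_hosts:
            return value
        return ROOT_URL
    return value if value.startswith('/') else ROOT_URL


def pick_redirect_url(redirect_url, cleaned_referrer, http_referer, allowed_hosts=()):
    """The fallback chain from the thread (plugin setting, then the hidden
    referrer field, then HTTP_REFERER), with every candidate validated so that
    a bot posting garbage to the submit view can never trigger a 500."""
    for candidate in (redirect_url, cleaned_referrer, http_referer):
        checked = safe_referrer(candidate, allowed_hosts)
        if checked != ROOT_URL:
            return checked
    return ROOT_URL
```

In Django 3.0 django.utils.http.is_safe_url was renamed to url_has_allowed_host_and_scheme, so a real clean_referrer would call that with settings.ALLOWED_HOSTS rather than reimplement the host check.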