Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.
  • Root
  • » Django
  • » models.URLField with verify_exists=True pass non existent Urls to DB [RSS Feed]

#1 June 16, 2010 18:29:49

a.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

models.URLField with verify_exists=True pass non existent Urls to DB


Hi,

I have a model with URLField. Parmether verify_exists is set to True,
but when I enter url that does not exists (e.g.http://foobarbarfoo.com,
orhttp://www.google.com/foobar) they somehow manage to get to the
DB.

Should model report error? Or I do not understand docs: "If True (the
default), the URL given will be checked for existence (i.e., the URL
actually loads and doesn't give a 404 response)." onhttp://docs.djangoproject.com/en/dev/ref/models/fields/#urlfieldMy model is:

class Link(models.Model):
url = models.URLField(verify_exists=True, unique=True)

class Bookmark(models.Model):
title = models.CharField(max_length=200)
user = models.ForeignKey(User)
link = models.ForeignKey(Link)

class Tag(models.Model):
name = models.CharField(max_length=64, unique=True)
bookmarks = models.ManyToManyField(Bookmark)

Form class is:

class BookmarkSaveForm(forms.Form):
url = forms.URLField(
label=u'URL',
widget=forms.TextInput(attrs={'size' : 64})
)
title = forms.CharField(
label=u'Title',
widget=forms.TextInput(attrs={'size' : 64})
)
tags = forms.CharField(
label=u'Tags',
required=False,
widget=forms.TextInput(attrs={'size' : 64})
)

View function that handle form is:

def bookmark_save_page(request):
if request.method == 'POST':
form = BookmarkSaveForm(request.POST)
if form.is_valid():
link, dummy = Link.objects.get_or_create(
url=form.cleaned_data
)
bookmark, created = Bookmark.objects.get_or_create(
user=request.user,
link=link
)
# Update bookmark title.
bookmark.title = form.cleaned_data
# If the bookmark is being updated, clear old tag list.
if not created:
bookmark.tag_set.clear()
# Create new tag list.
tag_names = form.cleaned_data.split()
for tag_name in tag_names:
tag, dummy = Tag.objects.get_or_create(name=tag_name)
bookmark.tag_set.add(tag)
# Save bookmark to database.
bookmark.save()

return HttpResponseRedirect(
'/user/%s/' %
request.user.username
)
else:
form = BookmarkSaveForm()
variables = RequestContext(request, {
'form' : form
})
return render_to_response('bookmark_save.html', variables)

I am using Django 1.2.1, Python 2.6.5 on Kubuntu 10.04 (64b)

Thanks,
Zlatan

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#2 June 16, 2010 18:53:34

Karen T.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

models.URLField with verify_exists=True pass non existent Urls to DB


On Wed, Jun 16, 2010 at 1:29 PM, aurel...@gmail.com <aurel...@gmail.com>wrote:

> Hi,
>
> I have a model with URLField. Parmether verify_exists is set to True,
> but when I enter url that does not exists (e.g.http://foobarbarfoo.com,
> orhttp://www.google.com/foobar) they somehow manage to get to the
> DB.
>
> Should model report error? Or I do not understand docs: "If True (the
> default), the URL given will be checked for existence (i.e., the URL
> actually loads and doesn't give a 404 response)." on
>http://docs.djangoproject.com/en/dev/ref/models/fields/#urlfield>
>
This checking is done either when a ModelForm based on the model is used, or
when full_clean() on a model instance is called. In the code you show you do
neither of these things. You have created a regular Form with URLField, but
when you create this form field you do not specify verify_exists=True. So
when is_valid() is called on that form, it returns True even when the
specified URL does not exist, because cleaning the form URL field does not
check for the existence of the URL, since the form does not ask for that.
Then the data from the cleaned form is used to create a model instance, but
full_clean() is not called before saving that instance, so again the
validation is bypassed. Easiest fix is to specify verify_exists on your
form's URLField.

Karen
--http://tracey.org/kmt/--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#3 June 16, 2010 22:14:16

a.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

models.URLField with verify_exists=True pass non existent Urls to DB


Thanks Karen!

Django 1.0 Web Site Development book (code example is from that book)
has following paragraph:
"By specifying correct field types in our form, we don't have to
implement any
additional input validation. For example, Django will automatically
make sure
that the user enters a valid URL because the corresponding field is
defined as
models.URLField."

So book has error, at least for Django 1.2

On Jun 16, 7:53 pm, Karen Tracey <kmtra...@gmail.com> wrote:
> On Wed, Jun 16, 2010 at 1:29 PM, aurel...@gmail.com <aurel...@gmail.com>wrote:
>
> > Hi,
>
> > I have a model with URLField. Parmether verify_exists is set to True,
> > but when I enter url that does not exists (e.g.http://foobarbarfoo.com,
> > orhttp://www.google.com/foobar) they somehow manage to get to the
> > DB.
>
> > Should model report error? Or I do not understand docs: "If True (the
> > default), the URL given will be checked for existence (i.e., the URL
> > actually loads and doesn't give a 404 response)." on
> >http://docs.djangoproject.com/en/dev/ref/models/fields/#urlfield>
> This checking is done either when a ModelForm based on the model is used, or
> when full_clean() on a model instance is called. In the code you show you do
> neither of these things. You have created a regular Form with URLField, but
> when you create this form field you do not specify verify_exists=True. So
> when is_valid() is called on that form, it returns True even when the
> specified URL does not exist, because cleaning the form URL field does not
> check for the existence of the URL, since the form does not ask for that.
> Then the data from the cleaned form is used to create a model instance, but
> full_clean() is not called before saving that instance, so again the
> validation is bypassed. Easiest fix is to specify verify_exists on your
> form's URLField.
>
> Karen
> --http://tracey.org/kmt/--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#4 June 17, 2010 18:37:08

Karen T.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

models.URLField with verify_exists=True pass non existent Urls to DB


On Wed, Jun 16, 2010 at 5:14 PM, aurel...@gmail.com <aurel...@gmail.com>wrote:

> Thanks Karen!
>
> Django 1.0 Web Site Development book (code example is from that book)
> has following paragraph:
> "By specifying correct field types in our form, we don't have to
> implement any
> additional input validation. For example, Django will automatically
> make sure
> that the user enters a valid URL because the corresponding field is
> defined as
> models.URLField."
>
> So book has error, at least for Django 1.2
>

I don't have that book so can't tell whether there is additional context
around whatever example is being discussed that makes the example work, but
this does sound a bit off. Django 1.0 did not have any model validation so
the only validation possible was via forms. By default a model form built
from a model will do all the validation noted for the model field. But if
you do not use a model form, or if you explicitly override any of the model
fields with your own specification for the form fields, then you are
responsible for ensuring that the form field you manually specify has all
the validation characteristics that you are looking for -- it won't be
somehow inherited from the associated model field. There is a note as far
back as the 1.1 documentation to this effect:http://docs.djangoproject.com/en/1.1/topics/forms/modelforms/#overriding-the-default-field-typesThe publisher of that book has a page for submitting errata:https://www.packtpub.com/submit-errataKaren
--http://tracey.org/kmt/--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

  • Root
  • » Django
  • » models.URLField with verify_exists=True pass non existent Urls to DB [RSS Feed]

Board footer

Moderator control

Enjoy the 15th of December
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support