models.URLField with verify_exists=True pass non existent Urls to DB

[aurel...@gmail.com]

Hi,

I have a model with URLField. Parmether verify_exists is set to True,
but when I enter url that does not exists (e.g. http://foobarbarfoo.com,
or http://www.google.com/foobar) they somehow manage to get to the
DB.

Should model report error? Or I do not understand docs: "If True (the
default), the URL given will be checked for existence (i.e., the URL
actually loads and doesn't give a 404 response)." on
http://docs.djangoproject.com/en/dev/ref/models/fields/#urlfield

My model is:

class Link(models.Model):
url = models.URLField(verify_exists=True, unique=True)

class Bookmark(models.Model):
title = models.CharField(max_length=200)
user = models.ForeignKey(User)
link = models.ForeignKey(Link)

class Tag(models.Model):
name = models.CharField(max_length=64, unique=True)
bookmarks = models.ManyToManyField(Bookmark)

Form class is:

class BookmarkSaveForm(forms.Form):
url = forms.URLField(
label=u'URL',
widget=forms.TextInput(attrs={'size' : 64})
)
title = forms.CharField(
label=u'Title',
widget=forms.TextInput(attrs={'size' : 64})
)
tags = forms.CharField(
label=u'Tags',
required=False,
widget=forms.TextInput(attrs={'size' : 64})
)

View function that handle form is:

def bookmark_save_page(request):
if request.method == 'POST':
form = BookmarkSaveForm(request.POST)
if form.is_valid():
link, dummy = Link.objects.get_or_create(
url=form.cleaned_data['url']
)
bookmark, created = Bookmark.objects.get_or_create(
user=request.user,
link=link
)
# Update bookmark title.
bookmark.title = form.cleaned_data['title']
# If the bookmark is being updated, clear old tag list.
if not created:
bookmark.tag_set.clear()
# Create new tag list.
tag_names = form.cleaned_data['tags'].split()
for tag_name in tag_names:
tag, dummy = Tag.objects.get_or_create(name=tag_name)
bookmark.tag_set.add(tag)
# Save bookmark to database.
bookmark.save()

return HttpResponseRedirect(
'/user/%s/' %
request.user.username
)
else:
form = BookmarkSaveForm()
variables = RequestContext(request, {
'form' : form
})
return render_to_response('bookmark_save.html', variables)

I am using Django 1.2.1, Python 2.6.5 on Kubuntu 10.04 (64b)

Thanks,
Zlatan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: models.URLField with verify_exists=True pass non existent Urls to DB

[aurel...@gmail.com]

Thanks Karen!

Django 1.0 Web Site Development book (code example is from that book)
has following paragraph:
"By specifying correct field types in our form, we don't have to
implement any
additional input validation. For example, Django will automatically
make sure
that the user enters a valid URL because the corresponding field is
defined as
models.URLField."

So book has error, at least for Django 1.2

On Jun 16, 7:53 pm, Karen Tracey  wrote:
> On Wed, Jun 16, 2010 at 1:29 PM, aurel...@gmail.com wrote:
>
> > Hi,
>
> > I have a model with URLField. Parmether verify_exists is set to True,
> > but when I enter url that does not exists (e.g.http://foobarbarfoo.com,
> > orhttp://www.google.com/foobar) they somehow manage to get to the
> > DB.
>
> > Should model report error? Or I do not understand docs: "If True (the
> > default), the URL given will be checked for existence (i.e., the URL
> > actually loads and doesn't give a 404 response)." on
> >http://docs.djangoproject.com/en/dev/ref/models/fields/#urlfield
>
> This checking is done either when a ModelForm based on the model is used, or
> when full_clean() on a model instance is called. In the code you show you do
> neither of these things. You have created a regular Form with URLField, but
> when you create this form field you do not specify verify_exists=True. So
> when is_valid() is called on that form, it returns True even when the
> specified URL does not exist, because cleaning the form URL field does not
> check for the existence of the URL, since the form does not ask for that.
> Then the data from the cleaned form is used to create a model instance, but
> full_clean() is not called before saving that instance, so again the
> validation is bypassed. Easiest fix is to specify verify_exists on your
> form's URLField.
>
> Karen
> --http://tracey.org/kmt/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.