Its not that easy to do but instead of generating the link say:
http://myrealsite.com/admin/change_password
If HTTP_HOST is somehow messed up say by Man In the Browser, in the
email, you could get something like:
http://hackersite.com/admin/change_password
If the user isn't paying attention, the
Not sure how the header injection will work in this case ?
As I see it, I am using this in the email text for the email body. This is
generated and sent in a view function I have. So, how will the http header
get inserted in this flow ?
Vibhu
On Fri, Nov 29, 2013 at 7:39 PM, Joseph Mutumi wro
I had the same problem. Wrote this:
def get_web_server_base_url(request, settings_override_name=None):
# Allow the value in the settings file to override any computed value.
url = None
if settings_override_name:
url = getattr(settings, settings_override_name, None)
if not
On Fri, Nov 29, 2013 at 2:09 PM, Joseph Mutumi wrote:
> That could work but isn't it a bit insecure? I think it will be susceptible
> to a header injection(http://en.wikipedia.org/wiki/HTTP_header_injection). I
> would rather create a setting with the domain name in settings.py and then
> call it
2013/11/29 Joseph Mutumi
> That could work but isn't it a bit insecure? I think it will be
> susceptible to a header injection(
> http://en.wikipedia.org/wiki/HTTP_header_injection). I would rather
> create a setting with the domain name in settings.py and then call it from
> the template or writ
That could work but isn't it a bit insecure? I think it will be susceptible
to a header injection(http://en.wikipedia.org/wiki/HTTP_header_injection).
I would rather create a setting with the domain name in settings.py and
then call it from the template or write a custom template tag.
On Fri, Nov
Good work!!
2013/11/29 Vibhu Rishi
> Thanks for the links. I had done the google searches and gone through
> them, but they seemed to me a lot of work to get something simple.
>
> I finally did the following. Any comments welcome if this is not a good
> way to do.
>
> In my view, I pass a conte
Thanks for the links. I had done the google searches and gone through them,
but they seemed to me a lot of work to get something simple.
I finally did the following. Any comments welcome if this is not a good way
to do.
In my view, I pass a context object of the request to the email template. I
n
and this can help too
http://stackoverflow.com/questions/2119342/python-url-template-tags-giving-only-part-of-a-absolute-url-must-be-a-lack-o
2013/11/29 Rafael E. Ferrero
>
> https://docs.djangoproject.com/en/dev/ref/contrib/sites/#getting-the-current-domain-for-full-urls
>
>
> 2013/11/29 Vibhu
https://docs.djangoproject.com/en/dev/ref/contrib/sites/#getting-the-current-domain-for-full-urls
2013/11/29 Vibhu Rishi
> hi,
>
> I have a setup where I have a project details page, and I can do a "send
> email" which should send the email with the URL.
>
> Email is working fine.
>
> The probl
10 matches
Mail list logo
