##// END OF EJS Templates
escape URLs in Location headers
MinRK -
Show More
@@ -22,7 +22,7 b' from tornado import web'
22 from zmq.utils import jsonapi
22 from zmq.utils import jsonapi
23
23
24 from IPython.utils.jsonutil import date_default
24 from IPython.utils.jsonutil import date_default
25 from IPython.html.utils import url_path_join
25 from IPython.html.utils import url_path_join, url_escape
26
26
27 from ...base.handlers import IPythonHandler, json_errors
27 from ...base.handlers import IPythonHandler, json_errors
28 from ...base.zmqhandlers import AuthenticatedZMQStreamHandler
28 from ...base.zmqhandlers import AuthenticatedZMQStreamHandler
@@ -47,7 +47,7 b' class MainKernelHandler(IPythonHandler):'
47 kernel_id = km.start_kernel()
47 kernel_id = km.start_kernel()
48 model = km.kernel_model(kernel_id, self.ws_url)
48 model = km.kernel_model(kernel_id, self.ws_url)
49 location = url_path_join(self.base_kernel_url, 'api', 'kernels', kernel_id)
49 location = url_path_join(self.base_kernel_url, 'api', 'kernels', kernel_id)
50 self.set_header('Location', location)
50 self.set_header('Location', url_escape(location))
51 self.set_status(201)
51 self.set_status(201)
52 self.finish(jsonapi.dumps(model))
52 self.finish(jsonapi.dumps(model))
53
53
@@ -20,7 +20,7 b' import json'
20
20
21 from tornado import web
21 from tornado import web
22
22
23 from IPython.html.utils import url_path_join
23 from IPython.html.utils import url_path_join, url_escape
24 from IPython.utils.jsonutil import date_default
24 from IPython.utils.jsonutil import date_default
25
25
26 from IPython.html.base.handlers import IPythonHandler, json_errors
26 from IPython.html.base.handlers import IPythonHandler, json_errors
@@ -44,7 +44,9 b' class NotebookHandler(IPythonHandler):'
44 path : unicode
44 path : unicode
45 The URL path of the notebook.
45 The URL path of the notebook.
46 """
46 """
47 return url_path_join(self.base_project_url, 'api', 'notebooks', path, name)
47 return url_escape(url_path_join(
48 self.base_project_url, 'api', 'notebooks', path, name
49 ))
48
50
49 def _finish_model(self, model, location=True):
51 def _finish_model(self, model, location=True):
50 """Finish a JSON request with a model, setting relevant headers, etc."""
52 """Finish a JSON request with a model, setting relevant headers, etc."""
@@ -222,7 +224,7 b' class NotebookCheckpointsHandler(IPythonHandler):'
222 data = json.dumps(checkpoint, default=date_default)
224 data = json.dumps(checkpoint, default=date_default)
223 location = url_path_join(self.base_project_url, 'api/notebooks',
225 location = url_path_join(self.base_project_url, 'api/notebooks',
224 path, name, 'checkpoints', checkpoint['id'])
226 path, name, 'checkpoints', checkpoint['id'])
225 self.set_header('Location', location)
227 self.set_header('Location', url_escape(location))
226 self.set_status(201)
228 self.set_status(201)
227 self.finish(data)
229 self.finish(data)
228
230
@@ -12,7 +12,7 b' pjoin = os.path.join'
12
12
13 import requests
13 import requests
14
14
15 from IPython.html.utils import url_path_join
15 from IPython.html.utils import url_path_join, url_escape
16 from IPython.html.tests.launchnotebook import NotebookTestBase, assert_http_error
16 from IPython.html.tests.launchnotebook import NotebookTestBase, assert_http_error
17 from IPython.nbformat.current import (new_notebook, write, read, new_worksheet,
17 from IPython.nbformat.current import (new_notebook, write, read, new_worksheet,
18 new_heading_cell, to_notebook_json)
18 new_heading_cell, to_notebook_json)
@@ -164,7 +164,7 b' class APITest(NotebookTestBase):'
164 def _check_nb_created(self, resp, name, path):
164 def _check_nb_created(self, resp, name, path):
165 self.assertEqual(resp.status_code, 201)
165 self.assertEqual(resp.status_code, 201)
166 location_header = py3compat.str_to_unicode(resp.headers['Location'])
166 location_header = py3compat.str_to_unicode(resp.headers['Location'])
167 self.assertEqual(location_header.split('/')[-1], name)
167 self.assertEqual(location_header, url_escape(url_path_join(u'/api/notebooks', path, name)))
168 self.assertEqual(resp.json()['name'], name)
168 self.assertEqual(resp.json()['name'], name)
169 assert os.path.isfile(pjoin(self.notebook_dir.name, path, name))
169 assert os.path.isfile(pjoin(self.notebook_dir.name, path, name))
170
170
@@ -185,7 +185,7 b' class APITest(NotebookTestBase):'
185 nbmodel = {'content': nb}
185 nbmodel = {'content': nb}
186 resp = self.nb_api.upload_untitled(path=u'å b',
186 resp = self.nb_api.upload_untitled(path=u'å b',
187 body=jsonapi.dumps(nbmodel))
187 body=jsonapi.dumps(nbmodel))
188 self._check_nb_created(resp, 'Untitled0.ipynb', 'å b')
188 self._check_nb_created(resp, 'Untitled0.ipynb', u'å b')
189
189
190 def test_upload(self):
190 def test_upload(self):
191 nb = new_notebook(name=u'ignored')
191 nb = new_notebook(name=u'ignored')
@@ -22,7 +22,7 b' from tornado import web'
22
22
23 from ...base.handlers import IPythonHandler, json_errors
23 from ...base.handlers import IPythonHandler, json_errors
24 from IPython.utils.jsonutil import date_default
24 from IPython.utils.jsonutil import date_default
25 from IPython.html.utils import url_path_join
25 from IPython.html.utils import url_path_join, url_escape
26
26
27 #-----------------------------------------------------------------------------
27 #-----------------------------------------------------------------------------
28 # Session web service handlers
28 # Session web service handlers
@@ -65,7 +65,7 b' class SessionRootHandler(IPythonHandler):'
65 kernel_id = km.start_kernel(cwd=nbm.notebook_dir)
65 kernel_id = km.start_kernel(cwd=nbm.notebook_dir)
66 model = sm.create_session(name=name, path=path, kernel_id=kernel_id, ws_url=self.ws_url)
66 model = sm.create_session(name=name, path=path, kernel_id=kernel_id, ws_url=self.ws_url)
67 location = url_path_join(self.base_kernel_url, 'api', 'sessions', model['id'])
67 location = url_path_join(self.base_kernel_url, 'api', 'sessions', model['id'])
68 self.set_header('Location', location)
68 self.set_header('Location', url_escape(location))
69 self.set_status(201)
69 self.set_status(201)
70 self.finish(json.dumps(model, default=date_default))
70 self.finish(json.dumps(model, default=date_default))
71
71
General Comments 0
You need to be logged in to leave comments. Login now