diff core/management/commands/ssl_images.py @ 963:4619290d171d

Whitelist hot-linked image sources.
author Brian Neal <bgneal@gmail.com>
date Tue, 01 Sep 2015 20:33:40 -0500
parents 62cd07bb891c
children a6331579ff43
--- a/core/management/commands/ssl_images.py	Tue Aug 04 16:58:17 2015 -0500
+++ b/core/management/commands/ssl_images.py	Tue Sep 01 20:33:40 2015 -0500
@@ -39,6 +39,7 @@
                           re.DOTALL | re.UNICODE)
 
 SG101_HOSTS = set(['www.surfguitar101.com', 'surfguitar101.com'])
+WHITELIST_HOSTS = set(settings.USER_IMAGES_SOURCES)
 MODEL_CHOICES = ['comments', 'posts']
 
 PHOTO_MAX_SIZE = (660, 720)
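Review bot: `WHITELIST_HOSTS` is matched by exact string comparison against `r.hostname` in the second hunk, so entries in `settings.USER_IMAGES_SOURCES` must already be in the form that attribute takes. Assuming `r` is a `urlparse` result, `hostname` is lower-cased and carries no port, so an entry written with capitals or a `:port` suffix would never match and the image would be treated as non-whitelisted. Normalising when the set is built avoids the case problem: `WHITELIST_HOSTS = set(h.lower() for h in settings.USER_IMAGES_SOURCES)`. A one-line comment such as `# bare lower-case hostnames allowed to be hot-linked over https` would also document the expected format, and note that if the setting is ever a single string rather than a list, `set()` will silently split it into characters.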
@@ -224,7 +225,10 @@
             # Try a few things to get this on ssl:
             new_src = convert_to_ssl(r)
         elif r.scheme == 'https':
-            new_src = src       # already https, accept it as-is
+            if r.hostname in WHITELIST_HOSTS:
+                new_src = src   # already in whitelist
+            else:
+                new_src = convert_to_ssl(r)
 
     if new_src:
         if title:
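Review bot: The new `else` branch passes every non-whitelisted https URL to `convert_to_ssl(r)`, a helper the earlier branch uses for non-https sources and whose body is not visible in this hunk. It is worth confirming that the helper does not short-circuit when `r.scheme` is already `'https'` and hand back the original URL, since that would let a non-whitelisted host through unchanged. The comment `# already in whitelist` also drops the fact that the scheme was checked; `# https and host is whitelisted: keep as-is` states both conditions. The enclosing function starts and ends outside the hunk, so how a falsy `new_src` is handled afterwards cannot be checked from here.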