From 822988142666fccb216a17ef3abbee7b6bbcf76b Mon Sep 17 00:00:00 2001
From: Rob Hudson
Date: Tue, 7 Oct 2008 12:23:18 -0700
Subject: Clicking on a template file now will fetch and show the source of the
template. Thanks to Adam Gomaa for the patch.
---
debug_toolbar/views.py | 31 ++++++++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
(limited to 'debug_toolbar/views.py')
diff --git a/debug_toolbar/views.py b/debug_toolbar/views.py
index 8af879f..b75397b 100644
--- a/debug_toolbar/views.py
+++ b/debug_toolbar/views.py
@@ -8,7 +8,7 @@ import os
import django.views.static
from django.conf import settings
from django.db import connection
-from django.http import HttpResponse
+from django.http import HttpResponse, HttpResponseBadRequest
from django.shortcuts import render_to_response
from django.utils import simplejson
from django.utils.hashcompat import sha_constructor
@@ -116,3 +116,32 @@ def sql_profile(request):
'headers': headers,
}
return render_to_response('debug_toolbar/panels/sql_explain.html', context)
+
+def template_source(request):
+ """
+ Return the source of a template, syntax-highlighted by Pygments if
+ it's available.
+ """
+ from django.template.loader import find_template_source
+ from django.utils.safestring import mark_safe
+
+ template_name = request.GET.get('template', None)
+ if template_name is None:
+ return HttpResponseBadRequest('"template" key is required')
+
+ source, origin = find_template_source(template_name)
+
+ try:
+ from pygments import highlight
+ from pygments.lexers import HtmlDjangoLexer
+ from pygments.formatters import HtmlFormatter
+
+ source = highlight(source, HtmlDjangoLexer(), HtmlFormatter())
+ source = mark_safe(source)
+ except ImportError:
+ pass
+
+ return render_to_response('debug_toolbar/panels/template_source.html', {
+ 'source': source,
+ 'template_name': template_name
+ })
--
cgit v1.2.3
From 03400c2c6b00ca8310cad7f30ac215d2b80d94b2 Mon Sep 17 00:00:00 2001
From: Rob Hudson
Date: Tue, 7 Oct 2008 12:37:04 -0700
Subject: Updating SQL views to return HttpResponseBadRequest on tamper
detection.
---
debug_toolbar/views.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'debug_toolbar/views.py')
diff --git a/debug_toolbar/views.py b/debug_toolbar/views.py
index b75397b..e3bb5b1 100644
--- a/debug_toolbar/views.py
+++ b/debug_toolbar/views.py
@@ -35,7 +35,7 @@ def sql_select(request):
params = request.GET.get('params', '')
hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
if hash != request.GET.get('hash', ''):
- return HttpResponse('Tamper alert
') # SQL Tampering alert
+ return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
if sql.lower().startswith('select'):
params = simplejson.loads(params)
cursor = connection.cursor()
@@ -66,7 +66,7 @@ def sql_explain(request):
params = request.GET.get('params', '')
hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
if hash != request.GET.get('hash', ''):
- return HttpResponse('Tamper alert
') # SQL Tampering alert
+ return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
if sql.lower().startswith('select'):
params = simplejson.loads(params)
cursor = connection.cursor()
@@ -97,7 +97,7 @@ def sql_profile(request):
params = request.GET.get('params', '')
hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
if hash != request.GET.get('hash', ''):
- return HttpResponse('Tamper alert
') # SQL Tampering alert
+ return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
if sql.lower().startswith('select'):
params = simplejson.loads(params)
cursor = connection.cursor()
--
cgit v1.2.3