优化上传URL类型图片的URL验证

app_doc/util_upload_img.py

@@ -6,6 +6,7 @@ from django.contrib.auth.decorators import login_required # 登录需求装饰
 from django.utils.translation import gettext_lazy as _
 import datetime,time,json,base64,os,uuid
 from app_doc.models import Image,ImageGroup,Attachment
+from app_doc.utils import validate_url
 from app_admin.models import SysSetting
 from loguru import logger
 import requests
@@ -148,6 +149,9 @@ def upload_img(request):
     manage_upload = request.FILES.get('manage_upload',None) # 图片管理上传
     try:
         url_img = json.loads(request.body.decode())['url']
+        url_img = validate_url(url_img)
+        if url_img is False:
+            return JsonResponse({"success": 0, "message": _("无效的URL！")})
     except:
         url_img = None
     dir_name = request.POST.get('dirname','')

app_doc/utils.py

@@ -1,4 +1,7 @@
 from app_doc.models import Doc,Project
+from django.core.validators import URLValidator
+from django.core.exceptions import ValidationError
+from urllib.parse import urlparse
 
 # 查找文档的下级文档
 def find_doc_next(doc_id):
@@ -97,3 +100,16 @@ def find_doc_sibling_sub(doc_id,sort):
         previous_doc = find_doc_sibling_sub(subdoc_list[len(subdoc) - 1],sort)
 
     return previous_doc
+
+
+# 验证URL的有效性，以及排除本地URL
+def validate_url(url):
+    try:
+        validate = URLValidator()
+        validate(url)
+        parsed_url = urlparse(url)
+        if parsed_url.hostname in ['localhost', '127.0.0.1']:
+            return False
+        return url
+    except:
+        return False