Added validation for slugs conflicting with 3rd party URLs, and option to…

Added validation for slugs conflicting with 3rd party URLs, and option to disable with ALLOW_OVERLAPPING_THIRD_PARTY_URL = True

wiki/conf/settings.py

@@ -26,6 +26,10 @@ MARKDOWN_KWARGS.update(getattr( django_settings, 'WIKI_MARKDOWN_KWARGS', {} ))
 # and all their content.
 LOST_AND_FOUND_SLUG = getattr( django_settings, 'WIKI_LOST_AND_FOUND_SLUG', 'lost-and-found' )
 
+# When False, this blocks new slugs that resolve to non-wiki views, stopping
+# users creating articles that conflict with overlapping URLs from other apps.
+ALLOW_OVERLAPPING_THIRD_PARTY_URL = getattr( django_settings, 'WIKI_ALLOW_OVERLAPPING_THIRD_PARTY_URL', False )
+
 # Do we want to log IPs?
 LOG_IPS_ANONYMOUS = getattr( django_settings, 'WIKI_LOG_IPS_ANONYMOUS', True )
 LOG_IPS_USERS = getattr( django_settings, 'WIKI_LOG_IPS_USERS', False )

wiki/forms.py

@@ -16,6 +16,7 @@ except ImportError:
     def force_unicode(x):
         return(x)
 from django.utils.html import escape, conditional_escape
+from django.core.urlresolvers import resolve, Resolver404
 
 from itertools import chain
 
@@ -271,6 +272,15 @@ class CreateForm(forms.Form, SpamProtectionMixin):
             else:
                 raise forms.ValidationError(_('A slug named "%s" already exists.') % already_urlpath.slug)
         
+        if not settings.ALLOW_OVERLAPPING_THIRD_PARTY_URL:
+            try:
+                # Fail validation if URL resolves to non-wiki app
+                match = resolve(self.urlpath_parent.path + '/' + slug + '/')
+                if match.app_name != 'wiki':
+                    raise forms.ValidationError(_('This slug conflicts with an existing URL.'))
+            except Resolver404:
+                pass
+        
         return slug
     
     def clean(self):