django-commons · aflukasz · Feb 19, 2013 · Feb 19, 2013
diff --git a/debug_toolbar/static/debug_toolbar/js/toolbar.js b/debug_toolbar/static/debug_toolbar/js/toolbar.js
@@ -32,8 +32,20 @@ window.djdt = (function(window, document, jQuery) {
 				$('#djDebugToolbar li').removeClass('active');
 				return false;
 			});
-			$('#djDebug a.remoteCall').live('click', function() {
-				$('#djDebugWindow').load(this.href, function(response, status, xhr) {
+			$('#djDebug a.remoteCall').live('click', function(e) {
+				var data = '';
+				var a = $(this);
+				if (a.hasClass('remoteCallPost')) {
+					data = {};
+					var prefix = 'data-';
+					$.each(this.attributes, function(idx, attribute) {
+						if (attribute.name.indexOf(prefix) === 0) {
+							var param = attribute.name.substring(prefix.length);
+							data[param] = param ? decodeURIComponent(a.attr(attribute.name)) : undefined;
+						}
+					});
+				}
+				$('#djDebugWindow').load(this.href, data, function(response, status, xhr) {
 					if (status == "error") {
 						var message = '<div class="djDebugPanelTitle"><a class="djDebugClose djDebugBack" href="">Back</a><h3>'+xhr.status+': '+xhr.statusText+'</h3></div>';
 						$('#djDebugWindow').html(message);

diff --git a/debug_toolbar/templates/debug_toolbar/panels/sql.html b/debug_toolbar/templates/debug_toolbar/panels/sql.html
@@ -43,10 +43,10 @@
 					<td class="actions">
 					{% if query.params %}
 						{% if query.is_select %}
-							<a class="remoteCall" href="/__debug__/sql_select/?sql={{ query.raw_sql|urlencode }}&amp;params={{ query.params|urlencode }}&amp;duration={{ query.duration|floatformat:"2"|urlencode }}&amp;hash={{ query.hash }}&amp;alias={{ query.alias|urlencode }}">Sel</a>
-							<a class="remoteCall" href="/__debug__/sql_explain/?sql={{ query.raw_sql|urlencode }}&amp;params={{ query.params|urlencode }}&amp;duration={{ query.duration|floatformat:"2"|urlencode }}&amp;hash={{ query.hash }}&amp;alias={{ query.alias|urlencode }}">Expl</a>
+							<a class="remoteCall remoteCallPost" href="/__debug__/sql_select/" data-sql="{{ query.raw_sql|urlencode }}" data-params="{{ query.params|urlencode }}" data-duration="{{ query.duration|floatformat:"2"|urlencode }}" data-hash="{{ query.hash }}" data-alias="{{ query.alias|urlencode }}">Sel</a>
+							<a class="remoteCall remoteCallPost" href="/__debug__/sql_explain/" data-sql="{{ query.raw_sql|urlencode }}" data-params="{{ query.params|urlencode }}" data-duration="{{ query.duration|floatformat:"2"|urlencode }}" data-hash="{{ query.hash }}" data-alias="{{ query.alias|urlencode }}">Expl</a>
 							{% ifequal query.engine 'mysql' %}
-								<a class="remoteCall" href="/__debug__/sql_profile/?sql={{ query.raw_sql|urlencode }}&amp;params={{ query.params|urlencode }}&amp;duration={{ query.duration|floatformat:"2"|urlencode }}&amp;hash={{ query.hash }}&amp;alias={{ query.alias|urlencode }}">Prof</a>
+								<a class="remoteCall remoteCallPost" href="/__debug__/sql_profile/" data-sql="{{ query.raw_sql|urlencode }}" data-params="{{ query.params|urlencode }}" data-duration="{{ query.duration|floatformat:"2"|urlencode }}" data-hash="{{ query.hash }}" data-alias="{{ query.alias|urlencode }}">Prof</a>
 							{% endifequal %}
 						{% endif %}
 					{% endif %}

diff --git a/debug_toolbar/views.py b/debug_toolbar/views.py
@@ -35,18 +35,18 @@ def sql_select(request):
     """
     Returns the output of the SQL SELECT statement.
 
-    Expected GET variables:
+    Expected POST variables:
         sql: urlencoded sql with positional arguments
         params: JSON encoded parameter values
         duration: time for SQL to execute passed in from toolbar just for redisplay
         hash: the hash of (secret + sql + params) for tamper checking
     """
     from debug_toolbar.panels.sql import reformat_sql
-    sql = request.GET.get('sql', '')
-    params = request.GET.get('params', '')
-    alias = request.GET.get('alias', 'default')
+    sql = request.POST.get('sql', '')
+    params = request.POST.get('params', '')
+    alias = request.POST.get('alias', 'default')
     hash = sha1(settings.SECRET_KEY + sql + params).hexdigest()
-    if hash != request.GET.get('hash', ''):
+    if hash != request.POST.get('hash', ''):
         return HttpResponseBadRequest('Tamper alert')  # SQL Tampering alert
     if sql.lower().strip().startswith('select'):
         params = json.loads(params)
@@ -58,7 +58,7 @@ def sql_select(request):
         context = {
             'result': result,
             'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
-            'duration': request.GET.get('duration', 0.0),
+            'duration': request.POST.get('duration', 0.0),
             'headers': headers,
             'alias': alias,
         }
@@ -70,18 +70,18 @@ def sql_explain(request):
     """
     Returns the output of the SQL EXPLAIN on the given query.
 
-    Expected GET variables:
+    Expected POST variables:
         sql: urlencoded sql with positional arguments
         params: JSON encoded parameter values
         duration: time for SQL to execute passed in from toolbar just for redisplay
         hash: the hash of (secret + sql + params) for tamper checking
     """
     from debug_toolbar.panels.sql import reformat_sql
-    sql = request.GET.get('sql', '')
-    params = request.GET.get('params', '')
-    alias = request.GET.get('alias', 'default')
+    sql = request.POST.get('sql', '')
+    params = request.POST.get('params', '')
+    alias = request.POST.get('alias', 'default')
     hash = sha1(settings.SECRET_KEY + sql + params).hexdigest()
-    if hash != request.GET.get('hash', ''):
+    if hash != request.POST.get('hash', ''):
         return HttpResponseBadRequest('Tamper alert')  # SQL Tampering alert
     if sql.lower().strip().startswith('select'):
         params = json.loads(params)
@@ -104,7 +104,7 @@ def sql_explain(request):
         context = {
             'result': result,
             'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
-            'duration': request.GET.get('duration', 0.0),
+            'duration': request.POST.get('duration', 0.0),
             'headers': headers,
             'alias': alias,
         }
@@ -116,18 +116,18 @@ def sql_profile(request):
     """
     Returns the output of running the SQL and getting the profiling statistics.
 
-    Expected GET variables:
+    Expected POST variables:
         sql: urlencoded sql with positional arguments
         params: JSON encoded parameter values
         duration: time for SQL to execute passed in from toolbar just for redisplay
         hash: the hash of (secret + sql + params) for tamper checking
     """
     from debug_toolbar.panels.sql import reformat_sql
-    sql = request.GET.get('sql', '')
-    params = request.GET.get('params', '')
-    alias = request.GET.get('alias', 'default')
+    sql = request.POST.get('sql', '')
+    params = request.POST.get('params', '')
+    alias = request.POST.get('alias', 'default')
     hash = sha1(settings.SECRET_KEY + sql + params).hexdigest()
-    if hash != request.GET.get('hash', ''):
+    if hash != request.POST.get('hash', ''):
         return HttpResponseBadRequest('Tamper alert')  # SQL Tampering alert
     if sql.lower().strip().startswith('select'):
         params = json.loads(params)
@@ -150,7 +150,7 @@ def sql_profile(request):
             'result': result,
             'result_error': result_error,
             'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
-            'duration': request.GET.get('duration', 0.0),
+            'duration': request.POST.get('duration', 0.0),
             'headers': headers,
             'alias': alias,
         }