mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-04-25 17:54:37 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #34830 -- Added request to bad_request/csrf_failure view template contexts.

Browse Source
This commit is contained in:
yushanfans2233 2023-11-11 15:24:24 +08:00 committed by Mariusz Felisiak
parent 8fcb9f1f10
commit 14b0132e5e
4 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
django/views/csrf.py
View File

@ -67,13 +67,14 @@ def csrf_failure(request, reason="", template_name=CSRF_FAILURE_TEMPLATE_NAME):
} }
try: try:
t = loader.get_template(template_name) t = loader.get_template(template_name)
body = t.render(request=request)
except TemplateDoesNotExist: except TemplateDoesNotExist:
if template_name == CSRF_FAILURE_TEMPLATE_NAME: if template_name == CSRF_FAILURE_TEMPLATE_NAME:
# If the default template doesn't exist, use the fallback template. # If the default template doesn't exist, use the fallback template.
with builtin_template_path("csrf_403.html").open(encoding="utf-8") as fh: with builtin_template_path("csrf_403.html").open(encoding="utf-8") as fh:
t = Engine().from_string(fh.read()) t = Engine().from_string(fh.read())
c = Context(c) body = t.render(Context(c))
else: else:
# Raise if a developer-specified template doesn't exist. # Raise if a developer-specified template doesn't exist.
raise raise
return HttpResponseForbidden(t.render(c)) return HttpResponseForbidden(body)

3
django/views/defaults.py
View File

@ -109,6 +109,7 @@ def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME):
""" """
try: try:
template = loader.get_template(template_name) template = loader.get_template(template_name)
body = template.render(request=request)
except TemplateDoesNotExist: except TemplateDoesNotExist:
if template_name != ERROR_400_TEMPLATE_NAME: if template_name != ERROR_400_TEMPLATE_NAME:
# Reraise if it's a missing custom template. # Reraise if it's a missing custom template.
@ -118,7 +119,7 @@ def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME):
) )
# No exception content is passed to the template, to not disclose any # No exception content is passed to the template, to not disclose any
# sensitive information. # sensitive information.
return HttpResponseBadRequest(template.render()) return HttpResponseBadRequest(body)
@requires_csrf_token @requires_csrf_token

1
tests/view_tests/tests/test_csrf.py
View File

@ -112,6 +112,7 @@ class CsrfViewTests(SimpleTestCase):
"""A custom CSRF_FAILURE_TEMPLATE_NAME is used.""" """A custom CSRF_FAILURE_TEMPLATE_NAME is used."""
response = self.client.post("/") response = self.client.post("/")
self.assertContains(response, "Test template for CSRF failure", status_code=403) self.assertContains(response, "Test template for CSRF failure", status_code=403)
self.assertIs(response.wsgi_request, response.context.request)
def test_custom_template_does_not_exist(self): def test_custom_template_does_not_exist(self):
"""An exception is raised if a nonexistent template is supplied.""" """An exception is raised if a nonexistent template is supplied."""

23
tests/view_tests/tests/test_defaults.py
View File

@ -102,6 +102,29 @@ class DefaultsTests(TestCase):
response = bad_request(request, Exception()) response = bad_request(request, Exception())
self.assertContains(response, b"<h1>Bad Request (400)</h1>", status_code=400) self.assertContains(response, b"<h1>Bad Request (400)</h1>", status_code=400)
@override_settings(
TEMPLATES=[
{
"BACKEND": "django.template.backends.django.DjangoTemplates",
"OPTIONS": {
"loaders": [
(
"django.template.loaders.locmem.Loader",
{
"400.html": (
"This is a test template for a 400 error "
),
},
),
],
},
}
]
)
def test_custom_bad_request_template(self):
response = self.client.get("/raises400/")
self.assertIs(response.wsgi_request, response.context[-1].request)
@override_settings( @override_settings(
TEMPLATES=[ TEMPLATES=[
{ {