Fixed #25697 -- Made default error views error when passed a nonexistent template_name.

2025-10-26 07:06:08 +00:00 · 2015-11-07 17:24:07 +01:00
parent 8d5d472c6d
commit 21bf685f5e
4 changed files with 66 additions and 5 deletions
--- a/django/views/defaults.py
+++ b/django/views/defaults.py
@@ -4,12 +4,17 @@ from django.utils import six
 from django.utils.encoding import force_text
 from django.views.decorators.csrf import requires_csrf_token

+ERROR_404_TEMPLATE_NAME = '404.html'
+ERROR_403_TEMPLATE_NAME = '403.html'
+ERROR_400_TEMPLATE_NAME = '400.html'
+ERROR_500_TEMPLATE_NAME = '500.html'
+

 # This can be called when CsrfViewMiddleware.process_view has not run,
 # therefore need @requires_csrf_token in case the template needs
 # {% csrf_token %}.
@requires_csrf_token
-def page_not_found(request, exception, template_name='404.html'):
+def page_not_found(request, exception, template_name=ERROR_404_TEMPLATE_NAME):
    """
    Default 404 handler.

@@ -40,6 +45,9 @@ def page_not_found(request, exception, template_name='404.html'):
        body = template.render(context, request)
        content_type = None             # Django will use DEFAULT_CONTENT_TYPE
    except TemplateDoesNotExist:
+        if template_name != ERROR_404_TEMPLATE_NAME:
+            # Reraise if it's a missing custom template.
+            raise
        template = Engine().from_string(
            '<h1>Not Found</h1>'
            '<p>The requested URL {{ request_path }} was not found on this server.</p>')
@@ -49,7 +57,7 @@ def page_not_found(request, exception, template_name='404.html'):


@requires_csrf_token
-def server_error(request, template_name='500.html'):
+def server_error(request, template_name=ERROR_500_TEMPLATE_NAME):
    """
    500 error handler.

@@ -59,12 +67,15 @@ def server_error(request, template_name='500.html'):
    try:
        template = loader.get_template(template_name)
    except TemplateDoesNotExist:
+        if template_name != ERROR_500_TEMPLATE_NAME:
+            # Reraise if it's a missing custom template.
+            raise
        return http.HttpResponseServerError('<h1>Server Error (500)</h1>', content_type='text/html')
    return http.HttpResponseServerError(template.render())


@requires_csrf_token
-def bad_request(request, exception, template_name='400.html'):
+def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME):
    """
    400 error handler.

@@ -74,6 +85,9 @@ def bad_request(request, exception, template_name='400.html'):
    try:
        template = loader.get_template(template_name)
    except TemplateDoesNotExist:
+        if template_name != ERROR_400_TEMPLATE_NAME:
+            # Reraise if it's a missing custom template.
+            raise
        return http.HttpResponseBadRequest('<h1>Bad Request (400)</h1>', content_type='text/html')
    # No exception content is passed to the template, to not disclose any sensitive information.
    return http.HttpResponseBadRequest(template.render())
@@ -83,7 +97,7 @@ def bad_request(request, exception, template_name='400.html'):
 # therefore need @requires_csrf_token in case the template needs
 # {% csrf_token %}.
@requires_csrf_token
-def permission_denied(request, exception, template_name='403.html'):
+def permission_denied(request, exception, template_name=ERROR_403_TEMPLATE_NAME):
    """
    Permission denied (403) handler.

@@ -96,6 +110,9 @@ def permission_denied(request, exception, template_name='403.html'):
    try:
        template = loader.get_template(template_name)
    except TemplateDoesNotExist:
+        if template_name != ERROR_403_TEMPLATE_NAME:
+            # Reraise if it's a missing custom template.
+            raise
        return http.HttpResponseForbidden('<h1>403 Forbidden</h1>', content_type='text/html')
    return http.HttpResponseForbidden(
        template.render(request=request, context={'exception': force_text(exception)})