mirror of
				https://github.com/django/django.git
				synced 2025-10-25 14:46:09 +00:00 
			
		
		
		
	Fixed #14498 - Forms passed to FormWizard.process_step are not guaranteed to have cleaned_data
Thanks to stas for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14290 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		| @@ -340,3 +340,23 @@ class WizardTests(TestCase): | |||||||
|                 "wizard_step": "1"} |                 "wizard_step": "1"} | ||||||
|         response = self.client.post('/wizard/', data) |         response = self.client.post('/wizard/', data) | ||||||
|         self.assertEquals(2, response.context['step0']) |         self.assertEquals(2, response.context['step0']) | ||||||
|  |  | ||||||
|  |     def test_14498(self): | ||||||
|  |         """ | ||||||
|  |         Regression test for ticket #14498. | ||||||
|  |         """ | ||||||
|  |         that = self | ||||||
|  |  | ||||||
|  |         class WizardWithProcessStep(WizardClass): | ||||||
|  |             def process_step(self, request, form, step): | ||||||
|  |                 that.assertTrue(hasattr(form, 'cleaned_data')) | ||||||
|  |  | ||||||
|  |         wizard = WizardWithProcessStep([WizardPageOneForm, | ||||||
|  |                                         WizardPageTwoForm, | ||||||
|  |                                         WizardPageThreeForm]) | ||||||
|  |         data = {"0-field": "test", | ||||||
|  |                 "1-field": "test2", | ||||||
|  |                 "hash_0": "7e9cea465f6a10a6fb47fcea65cb9a76350c9a5c", | ||||||
|  |                 "wizard_step": "1"} | ||||||
|  |         wizard(DummyRequest(POST=data)) | ||||||
|  |  | ||||||
|   | |||||||
| @@ -90,30 +90,14 @@ class FormWizard(object): | |||||||
|         if current_step >= self.num_steps(): |         if current_step >= self.num_steps(): | ||||||
|             raise Http404('Step %s does not exist' % current_step) |             raise Http404('Step %s does not exist' % current_step) | ||||||
|  |  | ||||||
|         # For each previous step, verify the hash and process. |  | ||||||
|         # TODO: Move "hash_%d" to a method to make it configurable. |  | ||||||
|         for i in range(current_step): |  | ||||||
|             form = self.get_form(i, request.POST) |  | ||||||
|             if not self._check_security_hash(request.POST.get("hash_%d" % i, ''), request, form): |  | ||||||
|                 return self.render_hash_failure(request, i) |  | ||||||
|             self.process_step(request, form, i) |  | ||||||
|  |  | ||||||
|         # Process the current step. If it's valid, go to the next step or call |         # Process the current step. If it's valid, go to the next step or call | ||||||
|         # done(), depending on whether any steps remain. |         # done(), depending on whether any steps remain. | ||||||
|         if request.method == 'POST': |         if request.method == 'POST': | ||||||
|             form = self.get_form(current_step, request.POST) |             form = self.get_form(current_step, request.POST) | ||||||
|         else: |         else: | ||||||
|             form = self.get_form(current_step) |             form = self.get_form(current_step) | ||||||
|  |  | ||||||
|         if form.is_valid(): |         if form.is_valid(): | ||||||
|             self.process_step(request, form, current_step) |  | ||||||
|             next_step = current_step + 1 |  | ||||||
|  |  | ||||||
|             # If this was the last step, validate all of the forms one more |  | ||||||
|             # time, as a sanity check, and call done(). |  | ||||||
|             num = self.num_steps() |  | ||||||
|             if next_step == num: |  | ||||||
|                 final_form_list = [self.get_form(i, request.POST) for i in range(num)] |  | ||||||
|  |  | ||||||
|             # Validate all the forms. If any of them fail validation, that |             # Validate all the forms. If any of them fail validation, that | ||||||
|             # must mean the validator relied on some other input, such as |             # must mean the validator relied on some other input, such as | ||||||
|             # an external Web site. |             # an external Web site. | ||||||
| @@ -132,12 +116,23 @@ class FormWizard(object): | |||||||
|             # Since the hashes only take into account values, and not other |             # Since the hashes only take into account values, and not other | ||||||
|             # other validation the form might do, we must re-do validation |             # other validation the form might do, we must re-do validation | ||||||
|             # now for security reasons. |             # now for security reasons. | ||||||
|                 for i, f in enumerate(final_form_list): |             current_form_list = [self.get_form(i, request.POST) for i in range(current_step)] | ||||||
|  |  | ||||||
|  |             for i, f in enumerate(current_form_list): | ||||||
|  |                 if not self._check_security_hash(request.POST.get("hash_%d" % i, ''), request, f): | ||||||
|  |                     return self.render_hash_failure(request, i) | ||||||
|  |  | ||||||
|                 if not f.is_valid(): |                 if not f.is_valid(): | ||||||
|                     return self.render_revalidation_failure(request, i, f) |                     return self.render_revalidation_failure(request, i, f) | ||||||
|                 return self.done(request, final_form_list) |                 else: | ||||||
|  |                     self.process_step(request, f, i) | ||||||
|  |  | ||||||
|             # Otherwise, move along to the next step. |             # Now progress to processing this step: | ||||||
|  |             self.process_step(request, form, current_step) | ||||||
|  |             next_step = current_step + 1 | ||||||
|  |  | ||||||
|  |             if current_step == self.num_steps(): | ||||||
|  |                 return self.done(request, final_form_list) | ||||||
|             else: |             else: | ||||||
|                 form = self.get_form(next_step) |                 form = self.get_form(next_step) | ||||||
|                 self.step = current_step = next_step |                 self.step = current_step = next_step | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user