Fixed #741 -- Made models.core.Session.get_decoded() fault-tolerant, in case of funky pickled data. Thanks, kieranholland
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1099 bcc190cf-cafb-0310-a4f2-bffc1f526a37
@@ -1,3 +1,5 @@
|
|||||||
|
import base64, md5, random, sys
|
||||||
|
import cPickle as pickle
|
||||||
from django.core import meta, validators
|
from django.core import meta, validators
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
|
||||||
@@ -107,9 +109,6 @@ class FlatFile(meta.Model):
|
|||||||
def get_absolute_url(self):
|
def get_absolute_url(self):
|
||||||
return self.url
|
return self.url
|
||||||
|
|
||||||
import base64, md5, random, sys
|
|
||||||
import cPickle as pickle
|
|
||||||
|
|
||||||
class Session(meta.Model):
|
class Session(meta.Model):
|
||||||
session_key = meta.CharField(_('session key'), maxlength=40, primary_key=True)
|
session_key = meta.CharField(_('session key'), maxlength=40, primary_key=True)
|
||||||
session_data = meta.TextField(_('session data'))
|
session_data = meta.TextField(_('session data'))
|
||||||
@@ -132,7 +131,12 @@ class Session(meta.Model):
|
|||||||
if md5.new(pickled + SECRET_KEY).hexdigest() != tamper_check:
|
if md5.new(pickled + SECRET_KEY).hexdigest() != tamper_check:
|
||||||
from django.core.exceptions import SuspiciousOperation
|
from django.core.exceptions import SuspiciousOperation
|
||||||
raise SuspiciousOperation, "User tampered with session cookie."
|
raise SuspiciousOperation, "User tampered with session cookie."
|
||||||
return pickle.loads(pickled)
|
try:
|
||||||
|
return pickle.loads(pickled)
|
||||||
|
# Unpickling can cause a variety of exceptions. If something happens,
|
||||||
|
# just return an empty dictionary (an empty session).
|
||||||
|
except:
|
||||||
|
return {}
|
||||||
|
|
||||||
def _module_encode(session_dict):
|
def _module_encode(session_dict):
|
||||||
"Returns the given session dictionary pickled and encoded as a string."
|
"Returns the given session dictionary pickled and encoded as a string."
|
||||||
|
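Review bot: The bare `except:` added around `pickle.loads(pickled)` in the last hunk catches every exception, including `KeyboardInterrupt` and `SystemExit`, and returns `{}` without recording anything, so a corrupted or rejected session looks exactly like a fresh one to whoever operates the site. I would put `except (KeyboardInterrupt, SystemExit): raise` ahead of the catch-all and log the failure before returning the empty dict. The new comment would also be more useful if it said that the try block only handles malformed data and does not make unpickling safe: the sole gate before `pickle.loads` is the `md5.new(pickled + SECRET_KEY)` comparison above it, so that check is the trust boundary. The enclosing get_decoded() begins outside the hunk, so how `pickled` and `tamper_check` are derived is not visible here.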