	Fixed #10034: the formtools security hash function is now friendlier to browsers that submit leading/trailing whitespace in form fields.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10752 bcc190cf-cafb-0310-a4f2-bffc1f526a37
		| @@ -1,5 +1,6 @@ | |||||||
|  | import unittest | ||||||
| from django import forms | from django import forms | ||||||
| from django.contrib.formtools import preview, wizard | from django.contrib.formtools import preview, wizard, utils | ||||||
| from django import http | from django import http | ||||||
| from django.test import TestCase | from django.test import TestCase | ||||||
|  |  | ||||||
| @@ -101,6 +102,24 @@ class PreviewTests(TestCase): | |||||||
|         response = self.client.post('/test1/', self.test_data) |         response = self.client.post('/test1/', self.test_data) | ||||||
|         self.assertEqual(response.content, success_string) |         self.assertEqual(response.content, success_string) | ||||||
|  |  | ||||||
|  | class SecurityHashTests(unittest.TestCase): | ||||||
|  |  | ||||||
|  |     def test_textfield_hash(self): | ||||||
|  |         """ | ||||||
|  |         Regression test for #10034: the hash generation function should ignore | ||||||
|  |         leading/trailing whitespace so as to be friendly to broken browsers that | ||||||
|  |         submit it (usually in textareas). | ||||||
|  |         """ | ||||||
|  |         class TestForm(forms.Form): | ||||||
|  |             name = forms.CharField() | ||||||
|  |             bio = forms.CharField() | ||||||
|  |          | ||||||
|  |         f1 = TestForm({'name': 'joe', 'bio': 'Nothing notable.'}) | ||||||
|  |         f2 = TestForm({'name': '  joe', 'bio': 'Nothing notable.  '}) | ||||||
|  |         hash1 = utils.security_hash(None, f1) | ||||||
|  |         hash2 = utils.security_hash(None, f2) | ||||||
|  |         self.assertEqual(hash1, hash2) | ||||||
|  |  | ||||||
| # | # | ||||||
| # FormWizard tests | # FormWizard tests | ||||||
| # | # | ||||||
|   | |||||||
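Review bot: test_textfield_hash asserts only that the two hashes are equal, so it would still pass if security_hash stopped taking field values into account at all. For a function whose job is to detect changed form data, the regression test should also pin the negative case: add a third form whose `name` really differs (for example `'jim'`, or `'j oe'` with interior whitespace) and check `self.assertNotEqual(hash1, utils.security_hash(None, f3))`. That keeps the whitespace tolerance from #10034 limited to the leading and trailing edges, which is what the docstring of the test describes.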
| @@ -16,7 +16,12 @@ def security_hash(request, form, *args): | |||||||
|     hash of that. |     hash of that. | ||||||
|     """ |     """ | ||||||
|  |  | ||||||
|     data = [(bf.name, bf.field.clean(bf.data) or '') for bf in form] |     data = [] | ||||||
|  |     for bf in form: | ||||||
|  |         value = bf.field.clean(bf.data) or '' | ||||||
|  |         if isinstance(value, basestring): | ||||||
|  |             value = value.strip() | ||||||
|  |         data.append((bf.name, value)) | ||||||
|     data.extend(args) |     data.extend(args) | ||||||
|     data.append(settings.SECRET_KEY) |     data.append(settings.SECRET_KEY) | ||||||
|  |  | ||||||
|   | |||||||
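Review bot: The `strip()` added in the loop changes what the hash guarantees, and nothing in the visible docstring or code says so: two submissions that differ only in leading or trailing whitespace now hash the same, and the stripped value exists only inside this function, so later code handling the form presumably still sees the unstripped data. I would add a comment above the `isinstance` check such as `# Edge whitespace is ignored so browsers that add it do not invalidate the hash; the hash therefore does not detect changes to it.` Separately, `bf.field.clean(bf.data) or ''` on the new line maps every falsy cleaned value (`0`, `False`, `None`, an empty list) to `''`, so a cleaned `0` and an empty value are indistinguishable to the hash; `if value is None: value = ''` would keep the empty-field case without merging the others. security_hash starts before and continues after this hunk, so how `data` is finally hashed is not visible here.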