	Fixed #10034: the formtools security hash function is now friendlier to browsers that submit leading/trailing whitespace in form fields.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10752 bcc190cf-cafb-0310-a4f2-bffc1f526a37
		| @@ -1,5 +1,6 @@ | ||||
| import unittest | ||||
| from django import forms | ||||
| from django.contrib.formtools import preview, wizard | ||||
| from django.contrib.formtools import preview, wizard, utils | ||||
| from django import http | ||||
| from django.test import TestCase | ||||
|  | ||||
| @@ -101,6 +102,24 @@ class PreviewTests(TestCase): | ||||
|         response = self.client.post('/test1/', self.test_data) | ||||
|         self.assertEqual(response.content, success_string) | ||||
|  | ||||
| class SecurityHashTests(unittest.TestCase): | ||||
|  | ||||
|     def test_textfield_hash(self): | ||||
|         """ | ||||
|         Regression test for #10034: the hash generation function should ignore | ||||
|         leading/trailing whitespace so as to be friendly to broken browsers that | ||||
|         submit it (usually in textareas). | ||||
|         """ | ||||
|         class TestForm(forms.Form): | ||||
|             name = forms.CharField() | ||||
|             bio = forms.CharField() | ||||
|          | ||||
|         f1 = TestForm({'name': 'joe', 'bio': 'Nothing notable.'}) | ||||
|         f2 = TestForm({'name': '  joe', 'bio': 'Nothing notable.  '}) | ||||
|         hash1 = utils.security_hash(None, f1) | ||||
|         hash2 = utils.security_hash(None, f2) | ||||
|         self.assertEqual(hash1, hash2) | ||||
|  | ||||
| # | ||||
| # FormWizard tests | ||||
| # | ||||
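Review bot: test_textfield_hash asserts only the equal case, so it would keep passing if security_hash stopped depending on the field values at all. Add a negative assertion after the existing one, for example `self.assertNotEqual(hash1, utils.security_hash(None, TestForm({'name': 'jo e', 'bio': 'Nothing notable.'})))`, so the test pins that only leading/trailing whitespace is normalised and that an interior change still alters the hash. For a function whose job is to detect modified form data, the "still detects a change" half is the part most worth protecting against regression.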
|   | ||||
| @@ -16,7 +16,12 @@ def security_hash(request, form, *args): | ||||
|     hash of that. | ||||
|     """ | ||||
|  | ||||
|     data = [(bf.name, bf.field.clean(bf.data) or '') for bf in form] | ||||
|     data = [] | ||||
|     for bf in form: | ||||
|         value = bf.field.clean(bf.data) or '' | ||||
|         if isinstance(value, basestring): | ||||
|             value = value.strip() | ||||
|         data.append((bf.name, value)) | ||||
|     data.extend(args) | ||||
|     data.append(settings.SECRET_KEY) | ||||
|  | ||||
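Review bot: The new `value.strip()` loop narrows what the hash binds, and nothing in the function records that. Two submissions that differ only in leading/trailing whitespace now verify against the same hash, so the value accepted after the hash check is not necessarily byte-identical to the one that was hashed. That is the intent of the fix, but it deserves a comment above the loop, e.g. `# Hash covers whitespace-stripped values; leading/trailing whitespace is not integrity-protected.`, plus a docstring sentence telling callers with whitespace-significant fields to compare the raw values themselves. The strip also runs only when the cleaned value is a string, so fields that clean to a list or another container presumably keep the original browser problem; worth stating or handling. The body of security_hash starts and ends outside the hunk.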
|   | ||||