innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Fixed #8653: make formtools' security hash more rubust. Silly that I didn't think of this before; thanks to bthomas for providing the obvious fix. 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8715 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Jacob Kaplan-Moss 2008-08-29 19:15:34 +00:00
parent 71076ae299
commit 2ca8cf3628
1 changed files with 1 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
django/contrib/formtools/utils.py
View File

@ -15,19 +15,8 @@ def security_hash(request, form, *args):
order, pickles the result with the SECRET_KEY setting, then takes an md5 order, pickles the result with the SECRET_KEY setting, then takes an md5
hash of that. hash of that.
""" """
# Ensure that the hash does not change when a BooleanField's bound
# data is a string `False' or a boolean False.
# Rather than re-coding this special behaviour here, we
# create a dummy BooleanField and call its clean method to get a
# boolean True or False verdict that is consistent with
# BooleanField.clean()
dummy_bool = BooleanField(required=False)
def _cleaned_data(bf):
if isinstance(bf.field, BooleanField):
return dummy_bool.clean(bf.data)
return bf.data
data = [(bf.name, _cleaned_data(bf) or '') for bf in form] data = [(bf.name, bf.field.clean(bf.data) or '') for bf in form]
data.extend(args) data.extend(args)
data.append(settings.SECRET_KEY) data.append(settings.SECRET_KEY)