innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

[py3] Fix encoding issues in contrib.sessions

This commit is contained in:
Claude Paroz 2012-08-12 22:26:17 +02:00
parent ac37c9e495
commit 8a1f439d3a
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
django/contrib/sessions/backends/base.py
View File

@ -1,3 +1,5 @@
from __future__ import unicode_literals
import base64 import base64
import time import time
from datetime import datetime, timedelta from datetime import datetime, timedelta
@ -12,6 +14,7 @@ from django.utils.crypto import constant_time_compare
from django.utils.crypto import get_random_string from django.utils.crypto import get_random_string
from django.utils.crypto import salted_hmac from django.utils.crypto import salted_hmac
from django.utils import timezone from django.utils import timezone
from django.utils.encoding import smart_bytes
class CreateError(Exception): class CreateError(Exception):
""" """
@ -78,15 +81,15 @@ class SessionBase(object):
"Returns the given session dictionary pickled and encoded as a string." "Returns the given session dictionary pickled and encoded as a string."
pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL) pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL)
hash = self._hash(pickled) hash = self._hash(pickled)
return base64.encodestring(hash + ":" + pickled) return base64.encodestring(hash.encode() + b":" + pickled)
def decode(self, session_data): def decode(self, session_data):
encoded_data = base64.decodestring(session_data) encoded_data = base64.decodestring(smart_bytes(session_data))
try: try:
# could produce ValueError if there is no ':' # could produce ValueError if there is no ':'
hash, pickled = encoded_data.split(':', 1) hash, pickled = encoded_data.split(b':', 1)
expected_hash = self._hash(pickled) expected_hash = self._hash(pickled)
if not constant_time_compare(hash, expected_hash): if not constant_time_compare(hash.decode(), expected_hash):
raise SuspiciousOperation("Session data corrupted") raise SuspiciousOperation("Session data corrupted")
else: else:
return pickle.loads(pickled) return pickle.loads(pickled)

3
django/contrib/sessions/backends/db.py
View File

@ -1,7 +1,6 @@
from django.contrib.sessions.backends.base import SessionBase, CreateError from django.contrib.sessions.backends.base import SessionBase, CreateError
from django.core.exceptions import SuspiciousOperation from django.core.exceptions import SuspiciousOperation
from django.db import IntegrityError, transaction, router from django.db import IntegrityError, transaction, router
from django.utils.encoding import force_text
from django.utils import timezone from django.utils import timezone
@ -18,7 +17,7 @@ class SessionStore(SessionBase):
session_key = self.session_key, session_key = self.session_key,
expire_date__gt=timezone.now() expire_date__gt=timezone.now()
) )
return self.decode(force_text(s.session_data)) return self.decode(s.session_data)
except (Session.DoesNotExist, SuspiciousOperation): except (Session.DoesNotExist, SuspiciousOperation):
self.create() self.create()
return {} return {}