Fixed #10034: the formtools security hash function is now friendlier to browsers that submit leading/trailing whitespace in form fields.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10752 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent
d20a0834ac
commit
fce800f3fd
|
@ -1,5 +1,6 @@
|
||||||
|
import unittest
|
||||||
from django import forms
|
from django import forms
|
||||||
from django.contrib.formtools import preview, wizard
|
from django.contrib.formtools import preview, wizard, utils
|
||||||
from django import http
|
from django import http
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
|
|
||||||
|
@ -101,6 +102,24 @@ class PreviewTests(TestCase):
|
||||||
response = self.client.post('/test1/', self.test_data)
|
response = self.client.post('/test1/', self.test_data)
|
||||||
self.assertEqual(response.content, success_string)
|
self.assertEqual(response.content, success_string)
|
||||||
|
|
||||||
|
class SecurityHashTests(unittest.TestCase):
|
||||||
|
|
||||||
|
def test_textfield_hash(self):
|
||||||
|
"""
|
||||||
|
Regression test for #10034: the hash generation function should ignore
|
||||||
|
leading/trailing whitespace so as to be friendly to broken browsers that
|
||||||
|
submit it (usually in textareas).
|
||||||
|
"""
|
||||||
|
class TestForm(forms.Form):
|
||||||
|
name = forms.CharField()
|
||||||
|
bio = forms.CharField()
|
||||||
|
|
||||||
|
f1 = TestForm({'name': 'joe', 'bio': 'Nothing notable.'})
|
||||||
|
f2 = TestForm({'name': ' joe', 'bio': 'Nothing notable. '})
|
||||||
|
hash1 = utils.security_hash(None, f1)
|
||||||
|
hash2 = utils.security_hash(None, f2)
|
||||||
|
self.assertEqual(hash1, hash2)
|
||||||
|
|
||||||
#
|
#
|
||||||
# FormWizard tests
|
# FormWizard tests
|
||||||
#
|
#
|
||||||
|
|
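Review bot: test_textfield_hash only asserts that whitespace-padded input hashes equal to the clean input; for a hash that guards form data against tampering, the test should also pin what must still differ. Adding `f3 = TestForm({'name': 'joe', 'bio': 'Nothing  notable.'})` and `self.assertNotEqual(hash1, utils.security_hash(None, f3))` would show that interior whitespace is still covered by the hash. The docstring names textareas as the usual source, yet the fixture pads with single spaces only; a value ending in `\n` would exercise the case the fix is aimed at.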
|
@ -16,7 +16,12 @@ def security_hash(request, form, *args):
|
||||||
hash of that.
|
hash of that.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
data = [(bf.name, bf.field.clean(bf.data) or '') for bf in form]
|
data = []
|
||||||
|
for bf in form:
|
||||||
|
value = bf.field.clean(bf.data) or ''
|
||||||
|
if isinstance(value, basestring):
|
||||||
|
value = value.strip()
|
||||||
|
data.append((bf.name, value))
|
||||||
data.extend(args)
|
data.extend(args)
|
||||||
data.append(settings.SECRET_KEY)
|
data.append(settings.SECRET_KEY)
|
||||||
|
|
||||||
|
|
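Review bot: The new loop strips surrounding whitespace before hashing, so the security hash no longer distinguishes two submissions that differ only in leading or trailing whitespace, and nothing in the visible docstring or code records that. Because this hash is an integrity check on form data, the relaxation deserves a comment above the `isinstance` branch, e.g. `# Strip surrounding whitespace so browsers that add it don't break the hash; whitespace-only edits are therefore not detected.` Separately, `bf.field.clean(bf.data) or ''` maps every falsy cleaned value (`0`, `False`, `None`) to the empty string, so those are indistinguishable in the hash as well; replacing it with `value = bf.field.clean(bf.data)` followed by `if value is None: value = ''` would keep them apart, if that distinction matters to callers. security_hash starts before this hunk and continues past it.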