From 557aa1572ce6b6e5428021c937fdef298dea700e Mon Sep 17 00:00:00 2001
From: Adrian Holovaty <adrian@holovaty.com>
Date: Sun, 6 Nov 2005 22:28:05 +0000
Subject: [PATCH] Fixed #741 -- Made models.core.Session.get_decoded()
 fault-tolerant, in case of funky pickled data. Thanks, kieranholland

git-svn-id: http://code.djangoproject.com/svn/django/trunk@1099 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/models/core.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/django/models/core.py b/django/models/core.py
index 89695c21b2a..c4327ee649b 100644
--- a/django/models/core.py
+++ b/django/models/core.py
@@ -1,3 +1,5 @@
+import base64, md5, random, sys
+import cPickle as pickle
 from django.core import meta, validators
 from django.utils.translation import gettext_lazy as _
 
@@ -107,9 +109,6 @@ class FlatFile(meta.Model):
     def get_absolute_url(self):
         return self.url
 
-import base64, md5, random, sys
-import cPickle as pickle
-
 class Session(meta.Model):
     session_key = meta.CharField(_('session key'), maxlength=40, primary_key=True)
     session_data = meta.TextField(_('session data'))
@@ -132,7 +131,12 @@ class Session(meta.Model):
         if md5.new(pickled + SECRET_KEY).hexdigest() != tamper_check:
             from django.core.exceptions import SuspiciousOperation
             raise SuspiciousOperation, "User tampered with session cookie."
-        return pickle.loads(pickled)
+        try:
+            return pickle.loads(pickled)
+        # Unpickling can cause a variety of exceptions. If something happens,
+        # just return an empty dictionary (an empty session).
+        except:
+            return {}
 
     def _module_encode(session_dict):
         "Returns the given session dictionary pickled and encoded as a string."