Fixed #741 -- Made models.core.Session.get_decoded() fault-tolerant, in case of funky pickled data. Thanks, kieranholland

git-svn-id: http://code.djangoproject.com/svn/django/trunk@1099 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2005-11-06 22:28:05 +00:00
parent e19c9ccfcb
commit 557aa1572c
1 changed files with 8 additions and 4 deletions

View File

@ -1,3 +1,5 @@
import base64, md5, random, sys
import cPickle as pickle
from django.core import meta, validators from django.core import meta, validators
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
@ -107,9 +109,6 @@ class FlatFile(meta.Model):
def get_absolute_url(self): def get_absolute_url(self):
return self.url return self.url
import base64, md5, random, sys
import cPickle as pickle
class Session(meta.Model): class Session(meta.Model):
session_key = meta.CharField(_('session key'), maxlength=40, primary_key=True) session_key = meta.CharField(_('session key'), maxlength=40, primary_key=True)
session_data = meta.TextField(_('session data')) session_data = meta.TextField(_('session data'))
@ -132,7 +131,12 @@ class Session(meta.Model):
if md5.new(pickled + SECRET_KEY).hexdigest() != tamper_check: if md5.new(pickled + SECRET_KEY).hexdigest() != tamper_check:
from django.core.exceptions import SuspiciousOperation from django.core.exceptions import SuspiciousOperation
raise SuspiciousOperation, "User tampered with session cookie." raise SuspiciousOperation, "User tampered with session cookie."
try:
return pickle.loads(pickled) return pickle.loads(pickled)
# Unpickling can cause a variety of exceptions. If something happens,
# just return an empty dictionary (an empty session).
except:
return {}
def _module_encode(session_dict): def _module_encode(session_dict):
"Returns the given session dictionary pickled and encoded as a string." "Returns the given session dictionary pickled and encoded as a string."