mirror of https://github.com/django/django.git
Removed Django 1.2 compatibility fallback for session data integrity check hash.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15954 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
5fa11b0035
commit
c0caac87f9
|
@ -105,24 +105,9 @@ class SessionBase(object):
|
|||
else:
|
||||
return pickle.loads(pickled)
|
||||
except Exception:
|
||||
# ValueError, SuspiciousOperation, unpickling exceptions
|
||||
# Fall back to Django 1.2 method
|
||||
# PendingDeprecationWarning <- here to remind us to
|
||||
# remove this fallback in Django 1.5
|
||||
try:
|
||||
return self._decode_old(session_data)
|
||||
except Exception:
|
||||
# Unpickling can cause a variety of exceptions. If something happens,
|
||||
# just return an empty dictionary (an empty session).
|
||||
return {}
|
||||
|
||||
def _decode_old(self, session_data):
|
||||
encoded_data = base64.decodestring(session_data)
|
||||
pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
|
||||
if not constant_time_compare(hashlib.md5(pickled + settings.SECRET_KEY).hexdigest(),
|
||||
tamper_check):
|
||||
raise SuspiciousOperation("User tampered with session cookie.")
|
||||
return pickle.loads(pickled)
|
||||
# ValueError, SuspiciousOperation, unpickling exceptions. If any of
|
||||
# these happen, just return an empty dictionary (an empty session).
|
||||
return {}
|
||||
|
||||
def update(self, dict_):
|
||||
self._session.update(dict_)
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
import base64
|
||||
from datetime import datetime, timedelta
|
||||
import hashlib
|
||||
import pickle
|
||||
import shutil
|
||||
import tempfile
|
||||
|
||||
|
@ -252,18 +249,6 @@ class SessionTestsMixin(object):
|
|||
encoded = self.session.encode(data)
|
||||
self.assertEqual(self.session.decode(encoded), data)
|
||||
|
||||
def test_decode_django12(self):
|
||||
# Ensure we can decode values encoded using Django 1.2
|
||||
# Hard code the Django 1.2 method here:
|
||||
def encode(session_dict):
|
||||
pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL)
|
||||
pickled_md5 = hashlib.md5(pickled + settings.SECRET_KEY).hexdigest()
|
||||
return base64.encodestring(pickled + pickled_md5)
|
||||
|
||||
data = {'a test key': 'a test value'}
|
||||
encoded = encode(data)
|
||||
self.assertEqual(self.session.decode(encoded), data)
|
||||
|
||||
|
||||
class DatabaseSessionTests(SessionTestsMixin, TestCase):
|
||||
|
||||
|
|
Loading…
Reference in New Issue