Fixed #10034: the formtools security hash function is now friendlier to browsers that submit leading/trailing whitespace in form fields.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10752 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Jacob Kaplan-Moss 2009-05-12 21:54:58 +00:00
parent d20a0834ac
commit fce800f3fd
2 changed files with 26 additions and 2 deletions


@ -1,5 +1,6 @@
import unittest
from django import forms
from django.contrib.formtools import preview, wizard
from django.contrib.formtools import preview, wizard, utils
from django import http
from django.test import TestCase
@ -101,6 +102,24 @@ class PreviewTests(TestCase):
response = self.client.post('/test1/', self.test_data)
self.assertEqual(response.content, success_string)
class SecurityHashTests(unittest.TestCase):
def test_textfield_hash(self):
"""
Regression test for #10034: the hash generation function should ignore
leading/trailing whitespace so as to be friendly to broken browsers that
submit it (usually in textareas).
"""
class TestForm(forms.Form):
name = forms.CharField()
bio = forms.CharField()
f1 = TestForm({'name': 'joe', 'bio': 'Nothing notable.'})
f2 = TestForm({'name': ' joe', 'bio': 'Nothing notable. '})
hash1 = utils.security_hash(None, f1)
hash2 = utils.security_hash(None, f2)
self.assertEqual(hash1, hash2)
#
# FormWizard tests
#
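Review bot: `test_textfield_hash` only asserts that the padded and unpadded forms hash equal, so it would still pass if `security_hash` returned a constant or normalised away more than leading/trailing whitespace. Since the hash presumably exists to detect changed form data, add a negative case to the same test, e.g. `f3 = TestForm({'name': 'joe', 'bio': 'Nothing notable'})` followed by `self.assertNotEqual(hash1, utils.security_hash(None, f3))`. A short comment that both forms must be bound with valid data, because the hash is computed from cleaned values, would also help the next reader.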


@ -16,7 +16,12 @@ def security_hash(request, form, *args):
hash of that.
"""
data = [(bf.name, bf.field.clean(bf.data) or '') for bf in form]
data = []
for bf in form:
value = bf.field.clean(bf.data) or ''
if isinstance(value, basestring):
value = value.strip()
data.append((bf.name, value))
data.extend(args)
data.append(settings.SECRET_KEY)
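Review bot: At `value = bf.field.clean(bf.data) or ''` the new loop keeps the old `or ''`, so every falsy cleaned value (0, False, None, an empty list) is hashed as `''`, and with the added `strip()` padded and unpadded strings now hash the same as well; the hash therefore no longer binds the exact submitted values. The whitespace part is the stated intent of #10034, but it should be documented above the loop, e.g. `# Deliberately normalised: values differing only in leading/trailing whitespace hash the same, so this is not a byte-exact check of the POST data.` If the falsy collapse is not intended, replacing `or ''` with an explicit `if value is None: value = ''` would keep 0 and False distinct from an empty field. Note that only `basestring` values are stripped, so strings inside list-valued fields are left as submitted. The function's signature, docstring opening and the hashing step lie outside the hunk.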