From 557aa1572ce6b6e5428021c937fdef298dea700e Mon Sep 17 00:00:00 2001
From: Adrian Holovaty
Date: Sun, 6 Nov 2005 22:28:05 +0000
Subject: [PATCH] Fixed #741 -- Made models.core.Session.get_decoded() fault-tolerant, in case of funky pickled data. Thanks, kieranholland

git-svn-id: http://code.djangoproject.com/svn/django/trunk@1099 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/models/core.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/django/models/core.py b/django/models/core.py
index 89695c21b2..c4327ee649 100644
--- a/django/models/core.py
+++ b/django/models/core.py
@@ -1,3 +1,5 @@
+import base64, md5, random, sys
+import cPickle as pickle
 from django.core import meta, validators
 from django.utils.translation import gettext_lazy as _

@@ -107,9 +109,6 @@ class FlatFile(meta.Model):
 def get_absolute_url(self):
 return self.url

-import base64, md5, random, sys
-import cPickle as pickle
-
 class Session(meta.Model):
 session_key = meta.CharField(_('session key'), maxlength=40, primary_key=True)
 session_data = meta.TextField(_('session data'))
@@ -132,7 +131,12 @@ class Session(meta.Model):
 if md5.new(pickled + SECRET_KEY).hexdigest() != tamper_check:
 from django.core.exceptions import SuspiciousOperation
 raise SuspiciousOperation, "User tampered with session cookie."
- return pickle.loads(pickled)
+ try:
+ return pickle.loads(pickled)
+ # Unpickling can cause a variety of exceptions. If something happens,
+ # just return an empty dictionary (an empty session).
+ except:
+ return {}

 def _module_encode(session_dict):
 "Returns the given session dictionary pickled and encoded as a string."
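Review bot: The bare `except:` added around `pickle.loads(pickled)` in the last hunk turns every failure, `KeyboardInterrupt` and `SystemExit` included, into an empty session with no trace, so corrupt or tampered session data looks the same as a fresh visitor. I would catch `except Exception:` instead (re-raising those two on interpreters where they still derive from `Exception`) and record the failure before `return {}`. The handler also does not make unpickling safe: whatever a pickle triggers runs inside `loads`, before any exception can be caught. The only gate is therefore the `md5.new(pickled + SECRET_KEY).hexdigest() != tamper_check` comparison in the context lines, a secret-suffix MD5 digest compared with `!=` rather than an HMAC with a constant-time compare, which deserves a comment here or a follow-up change. The method body starts above the hunk, so how `pickled` and `tamper_check` are derived is not visible.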