diff --git a/django/contrib/comments/forms.py b/django/contrib/comments/forms.py
index a0cfc2452c..d497572488 100644
--- a/django/contrib/comments/forms.py
+++ b/django/contrib/comments/forms.py
@@ -1,5 +1,4 @@
 import datetime
-import hashlib
 import time
 from django import forms
 from django.forms.util import ErrorDict
@@ -47,12 +46,7 @@ class CommentSecurityForm(forms.Form):
 expected_hash = self.generate_security_hash(**security_hash_dict)
 actual_hash = self.cleaned_data["security_hash"]
 if not constant_time_compare(expected_hash, actual_hash):
- # Fallback to Django 1.2 method for compatibility
- # PendingDeprecationWarning <- here to remind us to remove this
- # fallback in Django 1.5
- expected_hash_old = self._generate_security_hash_old(**security_hash_dict)
- if not constant_time_compare(expected_hash_old, actual_hash):
- raise forms.ValidationError("Security hash check failed.")
+ raise forms.ValidationError("Security hash check failed.")
 return actual_hash
 
 def clean_timestamp(self):
@@ -95,12 +89,6 @@ class CommentSecurityForm(forms.Form):
 value = "-".join(info)
 return salted_hmac(key_salt, value).hexdigest()
 
- def _generate_security_hash_old(self, content_type, object_pk, timestamp):
- """Generate a (SHA1) security hash from the provided info."""
- # Django 1.2 compatibility
- info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
- return hashlib.sha1("".join(info)).hexdigest()
-
 class CommentDetailsForm(CommentSecurityForm):
 """
 Handles the specific details of the comment (name, comment, etc.).
diff --git a/tests/regressiontests/comment_tests/tests/comment_form_tests.py b/tests/regressiontests/comment_tests/tests/comment_form_tests.py
index 956ca53bfd..2c5e1fe551 100644
--- a/tests/regressiontests/comment_tests/tests/comment_form_tests.py
+++ b/tests/regressiontests/comment_tests/tests/comment_form_tests.py
@@ -1,4 +1,3 @@
-import hashlib
 import time
 
 from django.conf import settings
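Review bot: Nothing in this commit pins the new rejection path in the second hunk of django/contrib/comments/forms.py. The SHA1 fallback is removed there, and `testDjango12Hash` is deleted from the test module rather than inverted, so no test asserts that a hash built the Django 1.2 way now fails validation. The tampering tests visible in the test file's context change a field, which is a different case from a correctly formed legacy hash. Consider keeping the deleted test's setup under a name such as `testDjango12HashRejected` and ending it with `self.assertFalse(f.is_valid())`, which would mean retaining `import hashlib` in the test module. The method containing this check starts above the hunk, so the rest of its validation is not visible here.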
@@ -46,23 +45,6 @@ class CommentFormTests(CommentTestCase):
 def testObjectPKTampering(self):
 self.tamperWithForm(object_pk="3")
 
- def testDjango12Hash(self):
- # Ensure we can use the hashes generated by Django 1.2
- a = Article.objects.get(pk=1)
- d = self.getValidData(a)
-
- content_type = d['content_type']
- object_pk = d['object_pk']
- timestamp = d['timestamp']
-
- # The Django 1.2 method hard-coded here:
- info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
- security_hash = hashlib.sha1("".join(info)).hexdigest()
-
- d['security_hash'] = security_hash
- f = CommentForm(a, data=d)
- self.assertTrue(f.is_valid(), f.errors)
-
 def testSecurityErrors(self):
 f = self.tamperWithForm(honeypot="I am a robot")
 self.assertTrue("honeypot" in f.security_errors())