Raised an error when allowed_include_roots is a string.

This avoids leaving projects silently vulnerable when this option is set
to a string instead of a one-item tuple containing that string, a very
common misconfiguration.
This commit is contained in:
Aymeric Augustin 2014-12-14 23:18:38 +01:00
parent cf1f36bb6e
commit 84d7c93feb
1 changed files with 5 additions and 1 deletions

View File

@ -36,7 +36,11 @@ class Engine(object):
else: else:
if app_dirs: if app_dirs:
raise ImproperlyConfigured( raise ImproperlyConfigured(
"APP_DIRS must not be set when LOADERS is defined.") "app_dirs must not be set when loaders is defined.")
if isinstance(allowed_include_roots, six.string_types):
raise ImproperlyConfigured(
"allowed_include_roots must be a tuple, not a string.")
self.dirs = dirs self.dirs = dirs
self.app_dirs = app_dirs self.app_dirs = app_dirs