Removed Django 1.2 compatibility fallback for session data integrity check hash.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15954 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2011-03-30 17:35:22 +00:00
parent 5fa11b0035
commit c0caac87f9
2 changed files with 3 additions and 33 deletions

View File

@ -105,25 +105,10 @@ class SessionBase(object):
else: else:
return pickle.loads(pickled) return pickle.loads(pickled)
except Exception: except Exception:
# ValueError, SuspiciousOperation, unpickling exceptions # ValueError, SuspiciousOperation, unpickling exceptions. If any of
# Fall back to Django 1.2 method # these happen, just return an empty dictionary (an empty session).
# PendingDeprecationWarning <- here to remind us to
# remove this fallback in Django 1.5
try:
return self._decode_old(session_data)
except Exception:
# Unpickling can cause a variety of exceptions. If something happens,
# just return an empty dictionary (an empty session).
return {} return {}
def _decode_old(self, session_data):
encoded_data = base64.decodestring(session_data)
pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
if not constant_time_compare(hashlib.md5(pickled + settings.SECRET_KEY).hexdigest(),
tamper_check):
raise SuspiciousOperation("User tampered with session cookie.")
return pickle.loads(pickled)
def update(self, dict_): def update(self, dict_):
self._session.update(dict_) self._session.update(dict_)
self.modified = True self.modified = True

View File

@ -1,7 +1,4 @@
import base64
from datetime import datetime, timedelta from datetime import datetime, timedelta
import hashlib
import pickle
import shutil import shutil
import tempfile import tempfile
@ -252,18 +249,6 @@ class SessionTestsMixin(object):
encoded = self.session.encode(data) encoded = self.session.encode(data)
self.assertEqual(self.session.decode(encoded), data) self.assertEqual(self.session.decode(encoded), data)
def test_decode_django12(self):
# Ensure we can decode values encoded using Django 1.2
# Hard code the Django 1.2 method here:
def encode(session_dict):
pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL)
pickled_md5 = hashlib.md5(pickled + settings.SECRET_KEY).hexdigest()
return base64.encodestring(pickled + pickled_md5)
data = {'a test key': 'a test value'}
encoded = encode(data)
self.assertEqual(self.session.decode(encoded), data)
class DatabaseSessionTests(SessionTestsMixin, TestCase): class DatabaseSessionTests(SessionTestsMixin, TestCase):