Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Reverted pickle-json replacement form_hmac calculation

This reverts commit b109ff8 and
complement test cases. The change was too hasty, as some form
values cannot be json-serialized as is.
  • Loading branch information...
commit 0df0cf70d43a642393d118523b7efdc04dae6105 1 parent 363dbd9
@claudep claudep authored
View
19 django/contrib/formtools/tests/__init__.py
@@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
+import datetime
import os
import re
import warnings
@@ -80,7 +81,7 @@ def test_form_preview(self):
"""
# Pass strings for form submittal and add stage variable to
# show we previously saw first stage of the form.
- self.test_data.update({'stage': 1})
+ self.test_data.update({'stage': 1, 'date1': datetime.date(2006, 10, 25)})
response = self.client.post('/preview/', self.test_data)
# Check to confirm stage is set to 2 in output form.
stage = self.input % 2
@@ -98,7 +99,7 @@ def test_form_submit(self):
"""
# Pass strings for form submittal and add stage variable to
# show we previously saw first stage of the form.
- self.test_data.update({'stage':2})
+ self.test_data.update({'stage': 2, 'date1': datetime.date(2006, 10, 25)})
response = self.client.post('/preview/', self.test_data)
self.assertNotEqual(response.content, success_string_encoded)
hash = self.preview.security_hash(None, TestForm(self.test_data))
@@ -272,7 +273,7 @@ def test_good_hash(self):
"""
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
+ "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
"wizard_step": "1"}
response = self.client.post('/wizard1/', data)
self.assertEqual(2, response.context['step0'])
@@ -297,15 +298,15 @@ def process_step(self, request, form, step):
wizard = WizardWithProcessStep([WizardPageOneForm])
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
+ "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
"wizard_step": "1"}
wizard(DummyRequest(POST=data))
self.assertTrue(reached[0])
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
- "hash_1": "4c352938f08b0e6467bef3cda578a1d4a82edc66",
+ "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
+ "hash_1": "1e6f6315da42e62f33a30640ec7e007ad3fbf1a1",
"wizard_step": "2"}
self.assertRaises(http.Http404, wizard, DummyRequest(POST=data))
@@ -327,7 +328,7 @@ def process_step(self, request, form, step):
WizardPageThreeForm])
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
+ "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
"wizard_step": "1"}
wizard(DummyRequest(POST=data))
self.assertTrue(reached[0])
@@ -351,7 +352,7 @@ def done(self, request, form_list):
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
+ "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
"wizard_step": "1"}
wizard(DummyRequest(POST=data))
self.assertTrue(reached[0])
@@ -377,7 +378,7 @@ def process_step(self, request, form, step):
WizardPageThreeForm])
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
+ "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
"wizard_step": "1"}
wizard(DummyRequest(POST=data))
self.assertTrue(reached[0])
View
1  django/contrib/formtools/tests/forms.py
@@ -21,6 +21,7 @@ class TestForm(forms.Form):
field1 = forms.CharField()
field1_ = forms.CharField()
bool1 = forms.BooleanField(required=False)
+ date1 = forms.DateField(required=False)
class HashTestForm(forms.Form):
name = forms.CharField()
View
6 django/contrib/formtools/utils.py
@@ -1,6 +1,7 @@
from __future__ import unicode_literals
-import json
+# Do not try cPickle here (see #18340)
+import pickle
from django.utils.crypto import salted_hmac
from django.utils import six
@@ -22,5 +23,6 @@ def form_hmac(form):
value = value.strip()
data.append((bf.name, value))
+ pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
key_salt = 'django.contrib.formtools'
- return salted_hmac(key_salt, json.dumps(data)).hexdigest()
+ return salted_hmac(key_salt, pickled).hexdigest()
Please sign in to comment.
Something went wrong with that request. Please try again.