Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[1.7.x] Increased memoization cache size for language codes.

There may be more than 100 (default maxsize) commonly seen xx-yy values
on some sites. The additional memory consumption isn't significant.

Also added a comment explaining why this cache must have a maxsize.

Backport of f356b6e from master.
  • Loading branch information...
commit 18b2c03ea31027d2f102df3c6b173cb6e63da52d 1 parent c139e3e
@aaugustin aaugustin authored
Showing with 5 additions and 1 deletion.
  1. +5 −1 django/utils/translation/trans_real.py
View
6 django/utils/translation/trans_real.py
@@ -389,12 +389,16 @@ def all_locale_paths():
return [globalpath] + list(settings.LOCALE_PATHS)
-@lru_cache.lru_cache()
+@lru_cache.lru_cache(maxsize=1000)
def check_for_language(lang_code):
"""
Checks whether there is a global language file for the given language
code. This is used to decide whether a user-provided language is
available.
+
+ lru_cache should have a maxsize to prevent from memory exhaustion attacks,
+ as the provided language codes are taken from the HTTP request. See also
+ <https://www.djangoproject.com/weblog/2007/oct/26/security-fix/>.
"""
# First, a quick check to make sure lang_code is well-formed (#21458)
if not language_code_re.search(lang_code):
Please sign in to comment.
Something went wrong with that request. Please try again.