Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #8653: make formtools' security hash more rubust. Silly that I …

…didn't think of this before; thanks to bthomas for providing the obvious fix.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8715 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 2ca8cf36280d427ca396f14029f22421539a1fce 1 parent 71076ae
Jacob Kaplan-Moss authored August 29, 2008

Showing 1 changed file with 1 addition and 12 deletions. Show diff stats Hide diff stats

  1. 13  django/contrib/formtools/utils.py
13  django/contrib/formtools/utils.py
@@ -15,19 +15,8 @@ def security_hash(request, form, *args):
15 15
         order, pickles the result with the SECRET_KEY setting, then takes an md5
16 16
         hash of that.
17 17
         """
18  
-        # Ensure that the hash does not change when a BooleanField's bound
19  
-        # data is a string `False' or a boolean False.
20  
-        # Rather than re-coding this special behaviour here, we
21  
-        # create a dummy BooleanField and call its clean method to get a
22  
-        # boolean True or False verdict that is consistent with
23  
-        # BooleanField.clean()
24  
-        dummy_bool = BooleanField(required=False)
25  
-        def _cleaned_data(bf):
26  
-            if isinstance(bf.field, BooleanField):
27  
-                return dummy_bool.clean(bf.data)
28  
-            return bf.data
29 18
         
30  
-        data = [(bf.name, _cleaned_data(bf) or '') for bf in form]
  19
+        data = [(bf.name, bf.field.clean(bf.data) or '') for bf in form]
31 20
         data.extend(args)
32 21
         data.append(settings.SECRET_KEY)
33 22
         

0 notes on commit 2ca8cf3

Please sign in to comment.
Something went wrong with that request. Please try again.