Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #18923 -- Corrected usage of sensitive_post_parameters in contr…

…ib.auth

Thanks Collin Anderson for the report.
  • Loading branch information...
commit 425d076d0c8cf7376a1478d118c58bcff5b1b74d 1 parent 1b47508
Tim Graham authored August 02, 2013
5  django/contrib/auth/admin.py
@@ -17,6 +17,7 @@
17 17
 from django.views.decorators.debug import sensitive_post_parameters
18 18
 
19 19
 csrf_protect_m = method_decorator(csrf_protect)
  20
+sensitive_post_parameters_m = method_decorator(sensitive_post_parameters())
20 21
 
21 22
 
22 23
 class GroupAdmin(admin.ModelAdmin):
@@ -87,7 +88,7 @@ def lookup_allowed(self, lookup, value):
87 88
             return False
88 89
         return super(UserAdmin, self).lookup_allowed(lookup, value)
89 90
 
90  
-    @sensitive_post_parameters()
  91
+    @sensitive_post_parameters_m
91 92
     @csrf_protect_m
92 93
     @transaction.atomic
93 94
     def add_view(self, request, form_url='', extra_context=None):
@@ -118,7 +119,7 @@ def add_view(self, request, form_url='', extra_context=None):
118 119
         return super(UserAdmin, self).add_view(request, form_url,
119 120
                                                extra_context)
120 121
 
121  
-    @sensitive_post_parameters()
  122
+    @sensitive_post_parameters_m
122 123
     def user_change_password(self, request, id, form_url=''):
123 124
         if not self.has_change_permission(request):
124 125
             raise PermissionDenied
6  django/views/decorators/debug.py
... ...
@@ -1,5 +1,7 @@
1 1
 import functools
2 2
 
  3
+from django.http import HttpRequest
  4
+
3 5
 
4 6
 def sensitive_variables(*variables):
5 7
     """
@@ -62,6 +64,10 @@ def my_view(request)
62 64
     def decorator(view):
63 65
         @functools.wraps(view)
64 66
         def sensitive_post_parameters_wrapper(request, *args, **kwargs):
  67
+            assert isinstance(request, HttpRequest), (
  68
+              "sensitive_post_parameters didn't receive an HttpRequest. If you "
  69
+              "are decorating a classmethod, be sure to use @method_decorator."
  70
+            )
65 71
             if parameters:
66 72
                 request.sensitive_post_parameters = parameters
67 73
             else:

0 notes on commit 425d076

Please sign in to comment.
Something went wrong with that request. Please try again.