Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Removed Django 1.2 compatibility fallback for contrib.comments forms …

…hash.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15953 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 5fa11b00352ec14c30a1eeea1377339adc8fc3ff 1 parent c922a04
@spookylukey spookylukey authored
View
14 django/contrib/comments/forms.py
@@ -1,5 +1,4 @@
import datetime
-import hashlib
import time
from django import forms
from django.forms.util import ErrorDict
@@ -47,12 +46,7 @@ def clean_security_hash(self):
expected_hash = self.generate_security_hash(**security_hash_dict)
actual_hash = self.cleaned_data["security_hash"]
if not constant_time_compare(expected_hash, actual_hash):
- # Fallback to Django 1.2 method for compatibility
- # PendingDeprecationWarning <- here to remind us to remove this
- # fallback in Django 1.5
- expected_hash_old = self._generate_security_hash_old(**security_hash_dict)
- if not constant_time_compare(expected_hash_old, actual_hash):
- raise forms.ValidationError("Security hash check failed.")
+ raise forms.ValidationError("Security hash check failed.")
return actual_hash
def clean_timestamp(self):
@@ -95,12 +89,6 @@ def generate_security_hash(self, content_type, object_pk, timestamp):
value = "-".join(info)
return salted_hmac(key_salt, value).hexdigest()
- def _generate_security_hash_old(self, content_type, object_pk, timestamp):
- """Generate a (SHA1) security hash from the provided info."""
- # Django 1.2 compatibility
- info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
- return hashlib.sha1("".join(info)).hexdigest()
-
class CommentDetailsForm(CommentSecurityForm):
"""
Handles the specific details of the comment (name, comment, etc.).
View
18 tests/regressiontests/comment_tests/tests/comment_form_tests.py
@@ -1,4 +1,3 @@
-import hashlib
import time
from django.conf import settings
@@ -46,23 +45,6 @@ def testContentTypeTampering(self):
def testObjectPKTampering(self):
self.tamperWithForm(object_pk="3")
- def testDjango12Hash(self):
- # Ensure we can use the hashes generated by Django 1.2
- a = Article.objects.get(pk=1)
- d = self.getValidData(a)
-
- content_type = d['content_type']
- object_pk = d['object_pk']
- timestamp = d['timestamp']
-
- # The Django 1.2 method hard-coded here:
- info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
- security_hash = hashlib.sha1("".join(info)).hexdigest()
-
- d['security_hash'] = security_hash
- f = CommentForm(a, data=d)
- self.assertTrue(f.is_valid(), f.errors)
-
def testSecurityErrors(self):
f = self.tamperWithForm(honeypot="I am a robot")
self.assertTrue("honeypot" in f.security_errors())
Please sign in to comment.
Something went wrong with that request. Please try again.