Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #17778 -- Prevented class attributes on context from resolving …

…as template variables.

Thanks KyleMac for the report, regebro for the patch, and Aymeric for the test.
  • Loading branch information...
commit 71b5617c24bb997db294480f07611233069e3359 1 parent 6bdb3b1
@timgraham timgraham authored
Showing with 14 additions and 2 deletions.
  1. +4 −1 django/template/base.py
  2. +10 −1 tests/template_tests/test_context.py
View
5 django/template/base.py
@@ -6,7 +6,7 @@
from inspect import getargspec
from django.conf import settings
-from django.template.context import (Context, RequestContext,
+from django.template.context import (BaseContext, Context, RequestContext,
ContextPopException)
from django.utils.itercompat import is_iterable
from django.utils.text import (smart_split, unescape_string_literal,
@@ -765,6 +765,9 @@ def _resolve_lookup(self, context):
current = current[bit]
except (TypeError, AttributeError, KeyError, ValueError):
try: # attribute lookup
+ # Don't return class attributes if the class is the context:
+ if isinstance(current, BaseContext) and getattr(type(current), bit):
+ raise AttributeError
current = getattr(current, bit)
except (TypeError, AttributeError):
try: # list-index lookup
View
11 tests/template_tests/test_context.py
@@ -2,7 +2,7 @@
from unittest import TestCase
-from django.template import Context
+from django.template import Context, Variable, VariableDoesNotExist
class ContextTests(TestCase):
@@ -25,3 +25,12 @@ def test_context(self):
with c.push(a=3):
self.assertEqual(c['a'], 3)
self.assertEqual(c['a'], 1)
+
+ def test_resolve_on_context_method(self):
+ # Regression test for #17778
+ empty_context = Context()
+ self.assertRaises(VariableDoesNotExist,
+ Variable('no_such_variable').resolve, empty_context)
+ self.assertRaises(VariableDoesNotExist,
+ Variable('new').resolve, empty_context)
+ self.assertEqual(Variable('new').resolve(Context({'new': 'foo'})), 'foo')
Please sign in to comment.
Something went wrong with that request. Please try again.