Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #10643: fixed the formtools security hash to handle allowed emp…

…ty forms or forms without changed data.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10753 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 96b5b6b34c293618824d12dfb29cdd5cec1c2e7e 1 parent fce800f
Jacob Kaplan-Moss authored May 12, 2009
25  django/contrib/formtools/tests.py
@@ -110,16 +110,31 @@ def test_textfield_hash(self):
110 110
         leading/trailing whitespace so as to be friendly to broken browsers that
111 111
         submit it (usually in textareas).
112 112
         """
113  
-        class TestForm(forms.Form):
114  
-            name = forms.CharField()
115  
-            bio = forms.CharField()
  113
+        f1 = HashTestForm({'name': 'joe', 'bio': 'Nothing notable.'})
  114
+        f2 = HashTestForm({'name': '  joe', 'bio': 'Nothing notable.  '})
  115
+        hash1 = utils.security_hash(None, f1)
  116
+        hash2 = utils.security_hash(None, f2)
  117
+        self.assertEqual(hash1, hash2)
116 118
         
117  
-        f1 = TestForm({'name': 'joe', 'bio': 'Nothing notable.'})
118  
-        f2 = TestForm({'name': '  joe', 'bio': 'Nothing notable.  '})
  119
+    def test_empty_permitted(self):
  120
+        """
  121
+        Regression test for #10643: the security hash should allow forms with
  122
+        empty_permitted = True, or forms where data has not changed.
  123
+        """
  124
+        f1 = HashTestBlankForm({})
  125
+        f2 = HashTestForm({}, empty_permitted=True)
119 126
         hash1 = utils.security_hash(None, f1)
120 127
         hash2 = utils.security_hash(None, f2)
121 128
         self.assertEqual(hash1, hash2)
122 129
 
  130
+class HashTestForm(forms.Form):
  131
+    name = forms.CharField()
  132
+    bio = forms.CharField()
  133
+
  134
+class HashTestBlankForm(forms.Form):
  135
+    name = forms.CharField(required=False)
  136
+    bio = forms.CharField(required=False)
  137
+
123 138
 #
124 139
 # FormWizard tests
125 140
 #
8  django/contrib/formtools/utils.py
@@ -18,10 +18,16 @@ def security_hash(request, form, *args):
18 18
 
19 19
     data = []
20 20
     for bf in form:
21  
-        value = bf.field.clean(bf.data) or ''
  21
+        # Get the value from the form data. If the form allows empty or hasn't
  22
+        # changed then don't call clean() to avoid trigger validation errors.
  23
+        if form.empty_permitted and not form.has_changed():
  24
+            value = bf.data or ''
  25
+        else:
  26
+            value = bf.field.clean(bf.data) or ''
22 27
         if isinstance(value, basestring):
23 28
             value = value.strip()
24 29
         data.append((bf.name, value))
  30
+        
25 31
     data.extend(args)
26 32
     data.append(settings.SECRET_KEY)
27 33
 

0 notes on commit 96b5b6b

Please sign in to comment.
Something went wrong with that request. Please try again.