Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Replaced pickle by json in form_hmac calculation

Refs #18340
  • Loading branch information...
commit b109ff8062f4bb225181ec462d69c9dd79339567 1 parent 0dac73e
@claudep claudep authored
View
19 django/contrib/formtools/tests/__init__.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
from __future__ import unicode_literals
import os
@@ -165,8 +166,8 @@ def test_textfield_hash(self):
leading/trailing whitespace so as to be friendly to broken browsers that
submit it (usually in textareas).
"""
- f1 = HashTestForm({'name': 'joe', 'bio': 'Nothing notable.'})
- f2 = HashTestForm({'name': ' joe', 'bio': 'Nothing notable. '})
+ f1 = HashTestForm({'name': 'joe', 'bio': 'Speaking español.'})
+ f2 = HashTestForm({'name': ' joe', 'bio': 'Speaking español. '})
hash1 = utils.form_hmac(f1)
hash2 = utils.form_hmac(f2)
self.assertEqual(hash1, hash2)
@@ -270,7 +271,7 @@ def test_good_hash(self):
"""
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
+ "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
"wizard_step": "1"}
response = self.client.post('/wizard1/', data)
self.assertEqual(2, response.context['step0'])
@@ -295,15 +296,15 @@ def process_step(self, request, form, step):
wizard = WizardWithProcessStep([WizardPageOneForm])
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
+ "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
"wizard_step": "1"}
wizard(DummyRequest(POST=data))
self.assertTrue(reached[0])
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
- "hash_1": "1e6f6315da42e62f33a30640ec7e007ad3fbf1a1",
+ "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
+ "hash_1": "4c352938f08b0e6467bef3cda578a1d4a82edc66",
"wizard_step": "2"}
self.assertRaises(http.Http404, wizard, DummyRequest(POST=data))
@@ -325,7 +326,7 @@ def process_step(self, request, form, step):
WizardPageThreeForm])
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
+ "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
"wizard_step": "1"}
wizard(DummyRequest(POST=data))
self.assertTrue(reached[0])
@@ -349,7 +350,7 @@ def done(self, request, form_list):
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
+ "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
"wizard_step": "1"}
wizard(DummyRequest(POST=data))
self.assertTrue(reached[0])
@@ -375,7 +376,7 @@ def process_step(self, request, form, step):
WizardPageThreeForm])
data = {"0-field": "test",
"1-field": "test2",
- "hash_0": "cd13b1db3e8f55174bc5745a1b1a53408d4fd1ca",
+ "hash_0": "09a53d8de15fc155bad33423e1d2ee2d82484d8a",
"wizard_step": "1"}
wizard(DummyRequest(POST=data))
self.assertTrue(reached[0])
View
8 django/contrib/formtools/utils.py
@@ -1,5 +1,6 @@
-# Do not try cPickle here (see #18340)
-import pickle
+from __future__ import unicode_literals
+
+import json
from django.utils.crypto import salted_hmac
from django.utils import six
@@ -21,6 +22,5 @@ def form_hmac(form):
value = value.strip()
data.append((bf.name, value))
- pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
key_salt = 'django.contrib.formtools'
- return salted_hmac(key_salt, pickled).hexdigest()
+ return salted_hmac(key_salt, json.dumps(data)).hexdigest()
Please sign in to comment.
Something went wrong with that request. Please try again.