Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

[1.6.x] Fixed #17778 -- Prevented class attributes on context from re…

…solving as template variables.

Thanks KyleMac for the report, regebro for the patch, and Aymeric for the test.

Backport of 71b5617 from master.
  • Loading branch information...
commit ccff25b1431bd1bb9d633b1ca1d3aff79acc33d9 1 parent d2419bb
@timgraham timgraham authored
Showing with 14 additions and 2 deletions.
  1. +4 −1 django/template/base.py
  2. +10 −1 tests/template_tests/test_context.py
View
5 django/template/base.py
@@ -5,7 +5,7 @@
from inspect import getargspec
from django.conf import settings
-from django.template.context import (Context, RequestContext,
+from django.template.context import (BaseContext, Context, RequestContext,
ContextPopException)
from django.utils.importlib import import_module
from django.utils.itercompat import is_iterable
@@ -765,6 +765,9 @@ def _resolve_lookup(self, context):
current = current[bit]
except (TypeError, AttributeError, KeyError, ValueError):
try: # attribute lookup
+ # Don't return class attributes if the class is the context:
+ if isinstance(current, BaseContext) and getattr(type(current), bit):
+ raise AttributeError
current = getattr(current, bit)
except (TypeError, AttributeError):
try: # list-index lookup
View
11 tests/template_tests/test_context.py
@@ -1,5 +1,5 @@
# coding: utf-8
-from django.template import Context
+from django.template import Context, Variable, VariableDoesNotExist
from django.utils.unittest import TestCase
@@ -14,3 +14,12 @@ def test_context(self):
self.assertEqual(c.pop(), {"a": 2})
self.assertEqual(c["a"], 1)
self.assertEqual(c.get("foo", 42), 42)
+
+ def test_resolve_on_context_method(self):
+ # Regression test for #17778
+ empty_context = Context()
+ self.assertRaises(VariableDoesNotExist,
+ Variable('no_such_variable').resolve, empty_context)
+ self.assertRaises(VariableDoesNotExist,
+ Variable('new').resolve, empty_context)
+ self.assertEqual(Variable('new').resolve(Context({'new': 'foo'})), 'foo')
Please sign in to comment.
Something went wrong with that request. Please try again.