Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Removed deprecated and undocumented function django.contrib.formtools…

….utils.security_hash().

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17841 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit dec21a1d4b37238d1f036e83bcd0a3e7eddc33c2 1 parent c7229c6
@aaugustin aaugustin authored
View
33 django/contrib/formtools/tests/__init__.py
@@ -172,39 +172,6 @@ def test_form_submit_bad_hash(self):
self.assertNotEqual(response.content, success_string)
-class SecurityHashTests(unittest.TestCase):
- def setUp(self):
- self._warnings_state = get_warnings_state()
- warnings.filterwarnings('ignore', category=DeprecationWarning,
- module='django.contrib.formtools.utils')
-
- def tearDown(self):
- restore_warnings_state(self._warnings_state)
-
- def test_textfield_hash(self):
- """
- Regression test for #10034: the hash generation function should ignore
- leading/trailing whitespace so as to be friendly to broken browsers that
- submit it (usually in textareas).
- """
- f1 = HashTestForm({'name': 'joe', 'bio': 'Nothing notable.'})
- f2 = HashTestForm({'name': ' joe', 'bio': 'Nothing notable. '})
- hash1 = utils.security_hash(None, f1)
- hash2 = utils.security_hash(None, f2)
- self.assertEqual(hash1, hash2)
-
- def test_empty_permitted(self):
- """
- Regression test for #10643: the security hash should allow forms with
- empty_permitted = True, or forms where data has not changed.
- """
- f1 = HashTestBlankForm({})
- f2 = HashTestForm({}, empty_permitted=True)
- hash1 = utils.security_hash(None, f1)
- hash2 = utils.security_hash(None, f2)
- self.assertEqual(hash1, hash2)
-
-
class FormHmacTests(unittest.TestCase):
"""
Same as SecurityHashTests, but with form_hmac
View
34 django/contrib/formtools/utils.py
@@ -3,43 +3,9 @@
except ImportError:
import pickle
-import hashlib
-from django.conf import settings
from django.utils.crypto import salted_hmac
-def security_hash(request, form, *args):
- """
- Calculates a security hash for the given Form instance.
-
- This creates a list of the form field names/values in a deterministic
- order, pickles the result with the SECRET_KEY setting, then takes an md5
- hash of that.
- """
- import warnings
- warnings.warn("security_hash is deprecated; use form_hmac instead",
- DeprecationWarning)
- data = []
- for bf in form:
- # Get the value from the form data. If the form allows empty or hasn't
- # changed then don't call clean() to avoid trigger validation errors.
- if form.empty_permitted and not form.has_changed():
- value = bf.data or ''
- else:
- value = bf.field.clean(bf.data) or ''
- if isinstance(value, basestring):
- value = value.strip()
- data.append((bf.name, value))
-
- data.extend(args)
- data.append(settings.SECRET_KEY)
-
- # Use HIGHEST_PROTOCOL because it's the most efficient.
- pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
-
- return hashlib.md5(pickled).hexdigest()
-
-
def form_hmac(form):
"""
Calculates a security hash for the given Form instance.
Please sign in to comment.
Something went wrong with that request. Please try again.