Fixed #22804 -- Warned on unsafe value of 'sep=' in Signer #2784

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
2 participants
@wolever
Contributor

wolever commented Jun 9, 2014

Issues a warning if the the separator passed to django.core.signing.Signer is an invalid value.

See also: https://code.djangoproject.com/ticket/22804

@timgraham

This comment has been minimized.

Show comment
Hide comment
@timgraham

timgraham Jun 10, 2014

Member

Hi, it looks like you've sent a pull request without filing a Trac ticket. Please file a ticket to suggest changes.

See also our patch review checklist.

Member

timgraham commented Jun 10, 2014

Hi, it looks like you've sent a pull request without filing a Trac ticket. Please file a ticket to suggest changes.

See also our patch review checklist.

@wolever

This comment has been minimized.

Show comment
Hide comment
@wolever

wolever Jun 10, 2014

Contributor

Ah, I suppose this doesn't qualify as a "very minor change", then.

Ticket has been created: https://code.djangoproject.com/ticket/22804

Contributor

wolever commented Jun 10, 2014

Ah, I suppose this doesn't qualify as a "very minor change", then.

Ticket has been created: https://code.djangoproject.com/ticket/22804

+ if self.sep in _SEP_UNSAFE:
+ warnings.warn(
+ "Unsafe Signer separator: %r (cannot be in %r)"
+ % (self.sep, "".join(_SEP_UNSAFE)))

This comment has been minimized.

@timgraham

timgraham Jun 24, 2014

Member

probably want something like: sorted(_SEP_UNSAFE) so the order isn't random. Might be clearer to output something like "0-9A-Za-z-_=" though.

@timgraham

timgraham Jun 24, 2014

Member

probably want something like: sorted(_SEP_UNSAFE) so the order isn't random. Might be clearer to output something like "0-9A-Za-z-_=" though.

@@ -150,6 +155,10 @@ class Signer(object):
def __init__(self, key=None, sep=':', salt=None):
# Use of native strings in all versions of Python
self.sep = force_str(sep)
+ if self.sep in _SEP_UNSAFE:

This comment has been minimized.

@timgraham

timgraham Jun 24, 2014

Member

won't work if sep is more than a single character.

@timgraham

timgraham Jun 24, 2014

Member

won't work if sep is more than a single character.

@timgraham

This comment has been minimized.

Show comment
Hide comment
@timgraham

timgraham Jul 8, 2014

Member

Please send a new PR if you can update it as described in the ticket, thanks.

Member

timgraham commented Jul 8, 2014

Please send a new PR if you can update it as described in the ticket, thanks.

@timgraham timgraham closed this Jul 8, 2014

@timgraham timgraham changed the title from Warn on unsafe value of 'sep=' in Signer to Fixed #22804 -- Warned on unsafe value of 'sep=' in Signer Jun 2, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment