sha1 expects bytes, so we encode str
hashlib.sha1 operates on bytes.
w-diesel committed Apr 14, 2013
1 parent f5d4cde commit 3c1bf7a
Showing 1 changed file with 5 additions and 2 deletions.
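--- a/debug_toolbar/views.py
+++ b/debug_toolbar/views.py
@@ -45,7 +45,8 @@ def sql_select(request):
 sql = request.GET.get('sql', '')
 params = request.GET.get('params', '')
 alias = request.GET.get('alias', 'default')
-hash = sha1(settings.SECRET_KEY + sql + params).hexdigest()
+bdata = (settings.SECRET_KEY + sql + params).encode()
+hash = sha1(bdata).hexdigest()
 if hash != request.GET.get('hash', ''):
 return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
 if sql.lower().strip().startswith('select'):
@@ -80,6 +81,7 @@ def sql_explain(request):
 sql = request.GET.get('sql', '')
 params = request.GET.get('params', '')
 alias = request.GET.get('alias', 'default')
+bdata = (settings.SECRET_KEY + sql + params).encode()
 hash = sha1(settings.SECRET_KEY + sql + params).hexdigest()
 if hash != request.GET.get('hash', ''):
 return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
@@ -128,7 +130,8 @@ def sql_profile(request):
 sql = request.GET.get('sql', '')
 params = request.GET.get('params', '')
 alias = request.GET.get('alias', 'default')
-hash = sha1(settings.SECRET_KEY + sql + params).hexdigest()
+bdata = (settings.SECRET_KEY + sql + params).encode()
+hash = sha1(bdata).hexdigest()
 if hash != request.GET.get('hash', ''):
 return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
 if sql.lower().strip().startswith('select'):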
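Review bot: In the `sql_explain` hunk the new `bdata` is computed but never used: the next line still calls `sha1(settings.SECRET_KEY + sql + params)` on a str, so that view keeps the failure this commit fixes in `sql_select` and `sql_profile`; it should read `hash = sha1(bdata).hexdigest()`. A bare `.encode()` also relies on the interpreter's default codec, so `.encode('utf-8')` would pin the signed bytes to the same value in these views and on the signing side, which is not shown here. Since this value is the tamper check in front of request-supplied SQL, consider replacing the prefix-keyed SHA-1 and the `!=` comparison with a keyed HMAC and a constant-time compare (Django ships `salted_hmac` and `constant_time_compare` in `django.utils.crypto`), and putting a delimiter between `sql` and `params` so the two fields cannot be shifted against each other under the same digest. All three function bodies start before and continue past the hunks shown.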
