[1.0.X] Fixed #10034: the formtools security hash function is now friendlier... (08577ab0) · Commits · Dom Sekotill / django

django/contrib/formtools/tests.py

+20 −1

Original line number	Diff line number	Diff line
		import unittest
		from django import forms
		from django.contrib.formtools import preview, wizard
		from django.contrib.formtools import preview, wizard, utils
		from django import http
		from django.test import TestCase

		@@ -101,6 +102,24 @@ class PreviewTests(TestCase):
		response = self.client.post('/test1/', self.test_data)
		self.assertEqual(response.content, success_string)

		class SecurityHashTests(unittest.TestCase):

		def test_textfield_hash(self):
		"""
		Regression test for #10034: the hash generation function should ignore
		leading/trailing whitespace so as to be friendly to broken browsers that
		submit it (usually in textareas).
		"""
		class TestForm(forms.Form):
		name = forms.CharField()
		bio = forms.CharField()

		f1 = TestForm({'name': 'joe', 'bio': 'Nothing notable.'})
		f2 = TestForm({'name': ' joe', 'bio': 'Nothing notable. '})
		hash1 = utils.security_hash(None, f1)
		hash2 = utils.security_hash(None, f2)
		self.assertEqual(hash1, hash2)

		#
		# FormWizard tests
		#

+6 −1

Original line number	Diff line number	Diff line
		@@ -16,7 +16,12 @@ def security_hash(request, form, *args):
		hash of that.
		"""

		data = [(bf.name, bf.field.clean(bf.data) or '') for bf in form]
		data = []
		for bf in form:
		value = bf.field.clean(bf.data) or ''
		if isinstance(value, basestring):
		value = value.strip()
		data.append((bf.name, value))
		data.extend(args)
		data.append(settings.SECRET_KEY)