Commit 2ca8cf36 authored by Jacob Kaplan-Moss's avatar Jacob Kaplan-Moss
Browse files

Fixed #8653: make formtools' security hash more rubust. Silly that I didn't... 

Fixed #8653: make formtools' security hash more rubust. Silly that I didn't think of this before; thanks to bthomas for providing the obvious fix.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8715 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 71076ae2

django/contrib/formtools/utils.py

+1 −12
Original line number Diff line number Diff line
@@ -15,19 +15,8 @@ def security_hash(request, form, *args): 
        order, pickles the result with the SECRET_KEY setting, then takes an md5

        hash of that.

        """

        # Ensure that the hash does not change when a BooleanField's bound

        # data is a string `False' or a boolean False.

        # Rather than re-coding this special behaviour here, we

        # create a dummy BooleanField and call its clean method to get a

        # boolean True or False verdict that is consistent with

        # BooleanField.clean()

        dummy_bool = BooleanField(required=False)

        def _cleaned_data(bf):

            if isinstance(bf.field, BooleanField):

                return dummy_bool.clean(bf.data)

            return bf.data

        

        data = [(bf.name, _cleaned_data(bf) or '') for bf in form]

        data = [(bf.name, bf.field.clean(bf.data) or '') for bf in form]

        data.extend(args)

        data.append(settings.SECRET_KEY)