Loading django/middleware/common.py +2 −7 Original line number Diff line number Diff line Loading @@ -5,6 +5,7 @@ import re from django import http from django.conf import settings from django.core import urlresolvers from django.core.exceptions import PermissionDenied from django.core.mail import mail_managers from django.utils.encoding import force_text Loading Loading @@ -47,13 +48,7 @@ class CommonMiddleware(object): if 'HTTP_USER_AGENT' in request.META: for user_agent_regex in settings.DISALLOWED_USER_AGENTS: if user_agent_regex.search(request.META['HTTP_USER_AGENT']): logger.warning('Forbidden (User agent): %s', request.path, extra={ 'status_code': 403, 'request': request } ) return http.HttpResponseForbidden('<h1>Forbidden</h1>') raise PermissionDenied('Forbidden user agent') # Check for a redirect based on settings.APPEND_SLASH # and settings.PREPEND_WWW Loading docs/releases/1.9.txt +6 −0 Original line number Diff line number Diff line Loading @@ -452,6 +452,12 @@ Requests and Responses <django.http.HttpRequest.urlconf>` to ``None`` to revert any changes made by previous middleware and return to using the :setting:`ROOT_URLCONF`. * The :setting:`DISALLOWED_USER_AGENTS` check in :class:`~django.middleware.common.CommonMiddleware` now raises a :class:`~django.core.exceptions.PermissionDenied` exception as opposed to returning an :class:`~django.http.HttpResponseForbidden` so that :data:`~django.conf.urls.handler403` is invoked. Tests ^^^^^ Loading tests/middleware/tests.py +3 −3 Original line number Diff line number Diff line Loading @@ -9,6 +9,7 @@ from unittest import skipIf from django.conf import settings from django.core import mail from django.core.exceptions import PermissionDenied from django.http import ( FileResponse, HttpRequest, HttpResponse, HttpResponsePermanentRedirect, HttpResponseRedirect, StreamingHttpResponse, Loading Loading 
@@ -256,9 +257,8 @@ class CommonMiddlewareTest(SimpleTestCase): with patch_logger('django.request', 'warning') as log_messages: request = self.rf.get('/slash') request.META['HTTP_USER_AGENT'] = 'foo' r = CommonMiddleware().process_request(request) self.assertEqual(r.status_code, 403) self.assertEqual(log_messages, ['Forbidden (User agent): /slash']) with self.assertRaisesMessage(PermissionDenied, 'Forbidden user agent'): CommonMiddleware().process_request(request) def test_non_ascii_query_string_does_not_crash(self): """Regression test for #15152""" Loading Loading
django/middleware/common.py +2 −7 Original line number Diff line number Diff line Loading @@ -5,6 +5,7 @@ import re from django import http from django.conf import settings from django.core import urlresolvers from django.core.exceptions import PermissionDenied from django.core.mail import mail_managers from django.utils.encoding import force_text Loading Loading @@ -47,13 +48,7 @@ class CommonMiddleware(object): if 'HTTP_USER_AGENT' in request.META: for user_agent_regex in settings.DISALLOWED_USER_AGENTS: if user_agent_regex.search(request.META['HTTP_USER_AGENT']): logger.warning('Forbidden (User agent): %s', request.path, extra={ 'status_code': 403, 'request': request } ) return http.HttpResponseForbidden('<h1>Forbidden</h1>') raise PermissionDenied('Forbidden user agent') # Check for a redirect based on settings.APPEND_SLASH # and settings.PREPEND_WWW Loading
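Review bot: Raising `PermissionDenied('Forbidden user agent')` in `process_request` removes the dedicated `Forbidden (User agent): %s` warning on the request logger, so whether a blocked user agent still leaves a log record now depends on how the request handler treats the exception, and that handler is not visible in this section. If it logs only a generic permission-denied message, log-based monitoring can no longer tell a `DISALLOWED_USER_AGENTS` match from any other 403. If the handler does not already record the reason, keep a warning before the raise, for example `logger.warning('Forbidden (User agent): %s', request.path, extra={'status_code': 403, 'request': request})`. Otherwise, mention the changed log message in the 1.9 release note next to the `handler403` change. The body of `process_request` starts and continues outside the visible lines.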
docs/releases/1.9.txt +6 −0 Original line number Diff line number Diff line Loading @@ -452,6 +452,12 @@ Requests and Responses <django.http.HttpRequest.urlconf>` to ``None`` to revert any changes made by previous middleware and return to using the :setting:`ROOT_URLCONF`. * The :setting:`DISALLOWED_USER_AGENTS` check in :class:`~django.middleware.common.CommonMiddleware` now raises a :class:`~django.core.exceptions.PermissionDenied` exception as opposed to returning an :class:`~django.http.HttpResponseForbidden` so that :data:`~django.conf.urls.handler403` is invoked. Tests ^^^^^ Loading
tests/middleware/tests.py +3 −3 Original line number Diff line number Diff line Loading @@ -9,6 +9,7 @@ from unittest import skipIf from django.conf import settings from django.core import mail from django.core.exceptions import PermissionDenied from django.http import ( FileResponse, HttpRequest, HttpResponse, HttpResponsePermanentRedirect, HttpResponseRedirect, StreamingHttpResponse, Loading Loading @@ -256,9 +257,8 @@ class CommonMiddlewareTest(SimpleTestCase): with patch_logger('django.request', 'warning') as log_messages: request = self.rf.get('/slash') request.META['HTTP_USER_AGENT'] = 'foo' r = CommonMiddleware().process_request(request) self.assertEqual(r.status_code, 403) self.assertEqual(log_messages, ['Forbidden (User agent): /slash']) with self.assertRaisesMessage(PermissionDenied, 'Forbidden user agent'): CommonMiddleware().process_request(request) def test_non_ascii_query_string_does_not_crash(self): """Regression test for #15152""" Loading
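Review bot: The rewritten assertions still sit inside `with patch_logger('django.request', 'warning') as log_messages:`, but `log_messages` is no longer read, so the test no longer checks that a blocked user agent is logged or that the request ends in a 403 response. Because `process_request` is called directly, the conversion of `PermissionDenied` into a response by the request handler and `handler403` is not exercised here. Either drop the unused `patch_logger` context, or add a request through the test client that asserts a 403 status and the expected warning on `django.request`. The test method starts outside the visible lines.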