django/views/debug.py +9 −1 @@ -186,7 +186,15 @@ class SafeExceptionReporterFilter(ExceptionReporterFilter): return request.POST def cleanse_special_types(self, request, value): if isinstance(value, HttpRequest): try: # If value is lazy or a complex object of another kind, this check # might raise an exception. isinstance checks that lazy HttpRequests # or MultiValueDicts will have a return value. is_request = isinstance(value, HttpRequest) except Exception as e: return '{!r} while evaluating {!r}'.format(e, value) if is_request: # Cleanse the request's POST parameters. value = self.get_request_repr(value) elif isinstance(value, MultiValueDict): tests/view_tests/tests/test_debug.py +31 −0 @@ -18,6 +18,7 @@ from django.template.base import TemplateDoesNotExist from django.test import RequestFactory, TestCase, override_settings from django.utils import six from django.utils.encoding import force_bytes, force_text from django.utils.functional import SimpleLazyObject from django.views.debug import CallableSettingWrapper, ExceptionReporter from .. import BrokenException, except_args
@@ -380,6 +381,36 @@ class ExceptionReporterTests(TestCase): html = reporter.get_traceback_html() self.assertIn('<h1>ImportError at /test_view/</h1>', html) def test_ignore_traceback_evaluation_exceptions(self): """ Don't trip over exceptions generated by crafted objects when evaluating them while cleansing (#24455). """ class BrokenEvaluation(Exception): pass def broken_setup(): raise BrokenEvaluation request = self.rf.get('/test_view/') broken_lazy = SimpleLazyObject(broken_setup) try: bool(broken_lazy) except BrokenEvaluation: exc_type, exc_value, tb = sys.exc_info() reporter = ExceptionReporter(request, exc_type, exc_value, tb) try: html = reporter.get_traceback_html() except BrokenEvaluation: self.fail("Broken evaluation in traceback is not caught.") self.assertIn( "BrokenEvaluation", html, "Evaluation exception reason not mentioned in traceback" ) class PlainTextReportTests(TestCase): rf = RequestFactory()
django/views/debug.py +9 −1 @@ -186,7 +186,15 @@ class SafeExceptionReporterFilter(ExceptionReporterFilter): return request.POST def cleanse_special_types(self, request, value): if isinstance(value, HttpRequest): try: # If value is lazy or a complex object of another kind, this check # might raise an exception. isinstance checks that lazy HttpRequests # or MultiValueDicts will have a return value. is_request = isinstance(value, HttpRequest) except Exception as e: return '{!r} while evaluating {!r}'.format(e, value) if is_request: # Cleanse the request's POST parameters. value = self.get_request_repr(value) elif isinstance(value, MultiValueDict):
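Review bot: In the new `except Exception as e:` branch of `cleanse_special_types`, the fallback string applies `{!r}` to `value`, the same object whose inspection just raised, so a `__repr__` that also forces evaluation would raise again inside the handler and escape the reporter. A description that does not touch the object avoids this, for example `return '{!r} while evaluating an object of type {}'.format(e, type(value).__name__)`. Only the `HttpRequest` check is wrapped; the `elif isinstance(value, MultiValueDict)` that follows is unguarded, which appears safe only if the first check has already forced evaluation, and a comment saying so would help. The `repr` of the caught exception also goes into the report as-is, so it would be worth confirming that its message cannot carry values this filter is meant to hide. The method body continues past the end of the hunk.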
tests/view_tests/tests/test_debug.py +31 −0 @@ -18,6 +18,7 @@ from django.template.base import TemplateDoesNotExist from django.test import RequestFactory, TestCase, override_settings from django.utils import six from django.utils.encoding import force_bytes, force_text from django.utils.functional import SimpleLazyObject from django.views.debug import CallableSettingWrapper, ExceptionReporter from .. import BrokenException, except_args @@ -380,6 +381,36 @@ class ExceptionReporterTests(TestCase): html = reporter.get_traceback_html() self.assertIn('<h1>ImportError at /test_view/</h1>', html) def test_ignore_traceback_evaluation_exceptions(self): """ Don't trip over exceptions generated by crafted objects when evaluating them while cleansing (#24455). """ class BrokenEvaluation(Exception): pass def broken_setup(): raise BrokenEvaluation request = self.rf.get('/test_view/') broken_lazy = SimpleLazyObject(broken_setup) try: bool(broken_lazy) except BrokenEvaluation: exc_type, exc_value, tb = sys.exc_info() reporter = ExceptionReporter(request, exc_type, exc_value, tb) try: html = reporter.get_traceback_html() except BrokenEvaluation: self.fail("Broken evaluation in traceback is not caught.") self.assertIn( "BrokenEvaluation", html, "Evaluation exception reason not mentioned in traceback" ) class PlainTextReportTests(TestCase): rf = RequestFactory()
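Review bot: The final `assertIn("BrokenEvaluation", html, ...)` in `test_ignore_traceback_evaluation_exceptions` probably cannot fail for the reason its message gives, because the reporter is built with `exc_type` set to `BrokenEvaluation` and the report heading is expected to name that type however the local variable was cleansed. Asserting on the fallback text, e.g. `self.assertIn("while evaluating", html)`, would tie the test to the new branch in `cleanse_special_types`. If `bool(broken_lazy)` ever stopped raising, `exc_type`, `exc_value` and `tb` would be unbound when the reporter is built, so an `else: self.fail("SimpleLazyObject did not raise")` on the first `try` would make that failure explicit. Only the HTML report is exercised here; the plain-text report path is not covered by this test.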