Loading django/contrib/sessions/backends/base.py +7 −4 Original line number Diff line number Diff line from __future__ import unicode_literals import base64 import time from datetime import datetime, timedelta Loading @@ -12,6 +14,7 @@ from django.utils.crypto import constant_time_compare from django.utils.crypto import get_random_string from django.utils.crypto import salted_hmac from django.utils import timezone from django.utils.encoding import smart_bytes class CreateError(Exception): """ Loading Loading @@ -78,15 +81,15 @@ class SessionBase(object): "Returns the given session dictionary pickled and encoded as a string." pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL) hash = self._hash(pickled) return base64.encodestring(hash + ":" + pickled) return base64.encodestring(hash.encode() + b":" + pickled) def decode(self, session_data): encoded_data = base64.decodestring(session_data) encoded_data = base64.decodestring(smart_bytes(session_data)) try: # could produce ValueError if there is no ':' hash, pickled = encoded_data.split(':', 1) hash, pickled = encoded_data.split(b':', 1) expected_hash = self._hash(pickled) if not constant_time_compare(hash, expected_hash): if not constant_time_compare(hash.decode(), expected_hash): raise SuspiciousOperation("Session data corrupted") else: return pickle.loads(pickled) Loading django/contrib/sessions/backends/db.py +1 −2 Original line number Diff line number Diff line from django.contrib.sessions.backends.base import SessionBase, CreateError from django.core.exceptions import SuspiciousOperation from django.db import IntegrityError, transaction, router from django.utils.encoding import force_text from django.utils import timezone Loading @@ -18,7 +17,7 @@ class SessionStore(SessionBase): session_key = self.session_key, expire_date__gt=timezone.now() ) return self.decode(force_text(s.session_data)) return self.decode(s.session_data) except (Session.DoesNotExist, SuspiciousOperation): self.create() return {} Loading Loading
django/contrib/sessions/backends/base.py +7 −4 Original line number Diff line number Diff line from __future__ import unicode_literals import base64 import time from datetime import datetime, timedelta Loading @@ -12,6 +14,7 @@ from django.utils.crypto import constant_time_compare from django.utils.crypto import get_random_string from django.utils.crypto import salted_hmac from django.utils import timezone from django.utils.encoding import smart_bytes class CreateError(Exception): """ Loading Loading @@ -78,15 +81,15 @@ class SessionBase(object): "Returns the given session dictionary pickled and encoded as a string." pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL) hash = self._hash(pickled) return base64.encodestring(hash + ":" + pickled) return base64.encodestring(hash.encode() + b":" + pickled) def decode(self, session_data): encoded_data = base64.decodestring(session_data) encoded_data = base64.decodestring(smart_bytes(session_data)) try: # could produce ValueError if there is no ':' hash, pickled = encoded_data.split(':', 1) hash, pickled = encoded_data.split(b':', 1) expected_hash = self._hash(pickled) if not constant_time_compare(hash, expected_hash): if not constant_time_compare(hash.decode(), expected_hash): raise SuspiciousOperation("Session data corrupted") else: return pickle.loads(pickled) Loading
django/contrib/sessions/backends/db.py +1 −2 Original line number Diff line number Diff line from django.contrib.sessions.backends.base import SessionBase, CreateError from django.core.exceptions import SuspiciousOperation from django.db import IntegrityError, transaction, router from django.utils.encoding import force_text from django.utils import timezone Loading @@ -18,7 +17,7 @@ class SessionStore(SessionBase): session_key = self.session_key, expire_date__gt=timezone.now() ) return self.decode(force_text(s.session_data)) return self.decode(s.session_data) except (Session.DoesNotExist, SuspiciousOperation): self.create() return {} Loading
