Commit ba5ddf7a authored by Erik Romijn

Fixed #22638 -- Changed CookieWizardView to ignore invalid cookies

parent 3b765029
+0 −6
from django.core.exceptions import SuspiciousOperation


class WizardViewCookieModified(SuspiciousOperation):
    """Signature of cookie modified"""
    pass
+1 −2
from django.test import TestCase
from django.core import signing
from django.core.exceptions import SuspiciousOperation
from django.http import HttpResponse

from django.contrib.auth.tests.utils import skipIfCustomUser
@@ -25,7 +24,7 @@ class TestCookieStorage(TestStorage, TestCase):
        self.assertEqual(storage.load_data(), {'key1': 'value1'})

        storage.request.COOKIES[storage.prefix] = 'i_am_manipulated'
        self.assertRaises(SuspiciousOperation, storage.load_data)
        self.assertIsNone(storage.load_data())

    def test_reset_cookie(self):
        request = get_request()
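Review bot: The replacement assertion on the `assertIsNone` line exercises only a cookie whose value is not in signed form at all; the other failure mode the commit's release note calls out, a cookie signed under a previous SECRET_KEY, is not covered. Since `get_signed_cookie` re-reads the cookie and the key on every call, a second check placed before the cookie is overwritten with `'i_am_manipulated'`, such as `with self.settings(SECRET_KEY='a-different-key'): self.assertIsNone(storage.load_data())`, would pin that path as well. The test method whose body this hunk edits begins outside the hunk.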
+1 −9
import json

from django.core.signing import BadSignature

from django.contrib.formtools.exceptions import WizardViewCookieModified
from django.contrib.formtools.wizard import storage


@@ -16,12 +13,7 @@ class CookieStorage(storage.BaseStorage):
            self.init_data()

    def load_data(self):
        try:
            data = self.request.get_signed_cookie(self.prefix)
        except KeyError:
            data = None
        except BadSignature:
            raise WizardViewCookieModified('WizardView cookie manipulated')
        data = self.request.get_signed_cookie(self.prefix, default=None)
        if data is None:
            return None
        return json.loads(data, cls=json.JSONDecoder)
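Review bot: The new `get_signed_cookie(self.prefix, default=None)` line makes a cookie with a bad signature indistinguishable from a missing one, so the tampering signal that the removed `WizardViewCookieModified` branch carried is dropped entirely rather than downgraded. Restarting the wizard is the right recovery, but the invalid-signature case is worth leaving a trace for operators: keep the `BadSignature` import the commit removes, add a module-level `logger = logging.getLogger(__name__)`, and catch `BadSignature` separately so it is logged before `None` is returned, as sketched below. The method also has no docstring; the one in the sketch states the contract the commit establishes. The `CookieStorage` class this method belongs to continues outside the hunk.
```python
    def load_data(self):
        """Return the wizard state from the signed cookie, or None if it is missing or invalid."""
        try:
            data = self.request.get_signed_cookie(self.prefix)
        except KeyError:
            return None
        except BadSignature:
            # A manipulated cookie or a changed SECRET_KEY ends up here; the
            # wizard restarts, but the event stays visible in the logs.
            logger.warning('Ignoring WizardView cookie with invalid signature')
            return None
        return json.loads(data, cls=json.JSONDecoder)
```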
+7 −1
@@ -45,7 +45,13 @@ Minor features
:mod:`django.contrib.formtools`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* ...
* A :doc:`form wizard </ref/contrib/formtools/form-wizard>` using the
  :class:`~django.contrib.formtools.wizard.views.CookieWizardView` will now ignore
  an invalid cookie, and the wizard will restart from the first step. An invalid
  cookie can occur in cases of intentional manipulation, but also after a secret
  key change. Previously, this would raise ``WizardViewCookieModified``, a
  ``SuspiciousOperation``, causing an exception for any user with an invalid cookie
  upon every request to the wizard, until the cookie is removed.

:mod:`django.contrib.gis`
^^^^^^^^^^^^^^^^^^^^^^^^^^