Commit c85c8f88 authored by Gary Wilson Jr's avatar Gary Wilson Jr

Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use...

Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashlib module when available.  Patch from Karen Tracey.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 8a58f221
+18 −17
import base64
import cPickle as pickle
import datetime
import re

from django import http, template
from django.contrib.admin import ModelAdmin
from django.contrib.auth import authenticate, login
@@ -9,11 +14,7 @@ from django.utils.text import capfirst
from django.utils.translation import ugettext_lazy, ugettext as _
from django.views.decorators.cache import never_cache
from django.conf import settings
import base64
import cPickle as pickle
import datetime
import md5
import re
from django.utils.hashcompat import md5_constructor

ERROR_MESSAGE = ugettext_lazy("Please enter a correct username and password. Note that both fields are case-sensitive.")
LOGIN_FORM_KEY = 'this_is_the_login_form'
@@ -29,14 +30,14 @@ class NotRegistered(Exception):
def _encode_post_data(post_data):
    from django.conf import settings
    pickled = pickle.dumps(post_data)
    pickled_md5 = md5.new(pickled + settings.SECRET_KEY).hexdigest()
    pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
    return base64.encodestring(pickled + pickled_md5)

def _decode_post_data(encoded_data):
    from django.conf import settings
    encoded_data = base64.decodestring(encoded_data)
    pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
    if md5.new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
    if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
        from django.core.exceptions import SuspiciousOperation
        raise SuspiciousOperation, "User may have tampered with session cookie."
    return pickle.loads(pickled)
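Review bot: `_decode_post_data` passes `pickled` to `pickle.loads` as soon as an MD5 of `pickled + settings.SECRET_KEY` matches the trailing 32 characters, and swapping `md5.new` for `md5_constructor` leaves that check as it was. A plain hash with the secret appended is not a MAC, and `!=` on the hex strings is not a constant-time comparison, so the guard in front of unpickling what appears to be request-supplied data is weaker than it reads. Build the check with the standard `hmac` module in both helpers, e.g. `pickled_md5 = hmac.new(settings.SECRET_KEY, pickled, md5_constructor).hexdigest()` (passing a constructor as the digest argument needs confirming on the oldest Python this file supports), and compare with a helper that examines every character. Longer term, a serialisation format that cannot execute code on load would remove the dependency on this check. The identical pair of helpers in the next file section has the same issue.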
+4 −4
import base64
import md5
import cPickle as pickle
try:
    from functools import wraps
@@ -12,6 +11,7 @@ from django.contrib.auth.models import User
from django.contrib.auth import authenticate, login
from django.shortcuts import render_to_response
from django.utils.translation import ugettext_lazy, ugettext as _
from django.utils.hashcompat import md5_constructor

ERROR_MESSAGE = ugettext_lazy("Please enter a correct username and password. Note that both fields are case-sensitive.")
LOGIN_FORM_KEY = 'this_is_the_login_form'
@@ -35,13 +35,13 @@ def _display_login_form(request, error_message=''):

def _encode_post_data(post_data):
    pickled = pickle.dumps(post_data)
    pickled_md5 = md5.new(pickled + settings.SECRET_KEY).hexdigest()
    pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
    return base64.encodestring(pickled + pickled_md5)

def _decode_post_data(encoded_data):
    encoded_data = base64.decodestring(encoded_data)
    pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
    if md5.new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
    if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
        from django.core.exceptions import SuspiciousOperation
        raise SuspiciousOperation, "User may have tampered with session cookie."
    return pickle.loads(pickled)
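Review bot: `_encode_post_data` and `_decode_post_data` in this section are copies of the pair in the previous file section, which differs only by its function-level `from django.conf import settings`, and this commit had to apply the same two-line edit to each. Since the pair is the integrity check in front of `pickle.loads`, two copies mean a later fix can reach one and miss the other; defining them once and importing them in the second module would avoid that. Separately, the message `"User may have tampered with session cookie."` does not match a function that, by its name, decodes POST data; `"Encoded POST data failed the tamper check."` would describe the failure.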
+6 −6
@@ -50,8 +50,8 @@ class PasswordResetTokenGenerator(object):
        # last_login will also change), we produce a hash that will be
        # invalid as soon as it is used.
        # We limit the hash to 20 chars to keep URL short
        import sha
        hash = sha.new(settings.SECRET_KEY + unicode(user.id) + 
        from django.utils.hashcompat import sha_constructor
        hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) +
                               user.password + unicode(user.last_login) +
                               unicode(timestamp)).hexdigest()[::2]
        return "%s-%s" % (ts_b36, hash)
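Review bot: The digest input is built as `settings.SECRET_KEY + unicode(user.id) + user.password + unicode(user.last_login) + unicode(timestamp)` with nothing separating the fields, so the hash does not bind where one value ends and the next begins. Joining the parts with a separator that cannot occur in them, and keying the digest through `hmac` with `settings.SECRET_KEY` as the key instead of prepending it, would make the token a MAC over unambiguous input; existing tokens would stop validating after such a change. The same run-together input appears in the comments manager section (`options + photo_options + rating_options + target + settings.SECRET_KEY`), where the docstring says the value validates submitted form options, and `_make_token` in the CSRF middleware section keys MD5 by prepending the secret. The enclosing method starts above the hunk, so how the token is checked is not visible here.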
+2 −2
@@ -29,8 +29,8 @@ class CommentManager(models.Manager):
        'pa,ra') and target (something like 'lcom.eventtimes:5157'). Used to
        validate that submitted form options have not been tampered-with.
        """
        import md5
        return md5.new(options + photo_options + rating_options + target + settings.SECRET_KEY).hexdigest()
        from django.utils.hashcompat import md5_constructor
        return md5_constructor(options + photo_options + rating_options + target + settings.SECRET_KEY).hexdigest()

    def get_rating_options(self, rating_string):
        """
+27 −26
@@ -3,14 +3,15 @@ Cross Site Request Forgery Middleware.

This module provides a middleware that implements protection
against request forgeries from other sites.

"""

import re
import itertools

from django.conf import settings
from django.http import HttpResponseForbidden
from django.utils.hashcompat import md5_constructor
from django.utils.safestring import mark_safe
import md5
import re
import itertools

_ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>')

@@ -20,7 +21,7 @@ _POST_FORM_RE = \
_HTML_TYPES = ('text/html', 'application/xhtml+xml')

def _make_token(session_id):
    return md5.new(settings.SECRET_KEY + session_id).hexdigest()
    return md5_constructor(settings.SECRET_KEY + session_id).hexdigest()

class CsrfMiddleware(object):
    """Django middleware that adds protection against Cross Site