Commit cc96ed9e authored by Jacob Kaplan-Moss's avatar Jacob Kaplan-Moss

[1.0.X] Fixed #10643: fixed the formtools security hash to handle allowed...

[1.0.X] Fixed #10643: fixed the formtools security hash to handle allowed empty forms or forms without changed data. Backport of [10753] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10755 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 08577ab0
+20 −5
@@ -110,16 +110,31 @@ class SecurityHashTests(unittest.TestCase):
        leading/trailing whitespace so as to be friendly to broken browsers that
        submit it (usually in textareas).
        """
        class TestForm(forms.Form):
            name = forms.CharField()
            bio = forms.CharField()
        f1 = HashTestForm({'name': 'joe', 'bio': 'Nothing notable.'})
        f2 = HashTestForm({'name': '  joe', 'bio': 'Nothing notable.  '})
        hash1 = utils.security_hash(None, f1)
        hash2 = utils.security_hash(None, f2)
        self.assertEqual(hash1, hash2)
        
        f1 = TestForm({'name': 'joe', 'bio': 'Nothing notable.'})
        f2 = TestForm({'name': '  joe', 'bio': 'Nothing notable.  '})
    def test_empty_permitted(self):
        """
        Regression test for #10643: the security hash should allow forms with
        empty_permitted = True, or forms where data has not changed.
        """
        f1 = HashTestBlankForm({})
        f2 = HashTestForm({}, empty_permitted=True)
        hash1 = utils.security_hash(None, f1)
        hash2 = utils.security_hash(None, f2)
        self.assertEqual(hash1, hash2)

class HashTestForm(forms.Form):
    name = forms.CharField()
    bio = forms.CharField()

class HashTestBlankForm(forms.Form):
    name = forms.CharField(required=False)
    bio = forms.CharField(required=False)

#
# FormWizard tests
#
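Review bot: `test_empty_permitted` only asserts that two empty submissions hash alike, so it would still pass if the new branch made every form hash to the same value. The docstring also promises the "data has not changed" case, but no form constructed with `initial` data is exercised here. A negative assertion such as `self.assertNotEqual(hash1, utils.security_hash(None, HashTestBlankForm({'name': 'joe'})))` would keep the tamper-detection property pinned alongside the regression. `SecurityHashTests` begins outside this hunk.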
+7 −1
@@ -18,10 +18,16 @@ def security_hash(request, form, *args):

    data = []
    for bf in form:
        # Get the value from the form data. If the form allows empty or hasn't
        # changed then don't call clean() to avoid trigger validation errors.
        if form.empty_permitted and not form.has_changed():
            value = bf.data or ''
        else:
            value = bf.field.clean(bf.data) or ''
        if isinstance(value, basestring):
            value = value.strip()
        data.append((bf.name, value))

    data.extend(args)
    data.append(settings.SECRET_KEY)
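Review bot: In the `form.empty_permitted and not form.has_changed()` branch the hash covers raw, unvalidated `bf.data`, while the `else` branch covers the output of `bf.field.clean()`. For fields whose `clean()` normalises the value, the same submission can therefore hash differently depending on which branch runs. Both hash computations for a submission then have to build the form with the same `initial` and `empty_permitted`, or the comparison fails; the comment should state that, e.g. `# NOTE: raw, unvalidated data is hashed here; build the form identically when re-checking the hash.` The condition is also loop-invariant and could be hoisted as `use_raw = form.empty_permitted and not form.has_changed()` before the `for`. The rest of `security_hash`, including how `data` is digested, lies outside the hunk.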