AUTHORS +1 −0 @@ -492,6 +492,7 @@ answer newbie questions, and generally made Django that much better: Alex Robbins <alexander.j.robbins@gmail.com> Matt Robenolt <m@robenolt.com> Henrique Romano <onaiort@gmail.com> Erik Romijn <django@solidlinks.nl> Armin Ronacher Daniel Roseman <http://roseman.org.uk/> Rozza <ross.lawley@gmail.com>
django/contrib/sessions/backends/file.py +1 −1 @@ -86,7 +86,7 @@ class SessionStore(SessionBase): session_data = {} self.delete() self.create() except IOError: except (IOError, SuspiciousOperation): self.create() return session_data
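Review bot: The widened handler `except (IOError, SuspiciousOperation):` treats a rejected session key exactly like a missing session file, so a key containing path separators is replaced by a fresh session without leaving any log record. Failing closed is the right behaviour here, but the rejection is the one signal that someone submitted a traversal-style key, and it is worth keeping for detection. I would give it its own clause ahead of the `IOError` one, `except SuspiciousOperation as e:` followed by a warning-level log call and `self.create()`, assuming the module has or gains a logger. The `try:` this handler belongs to starts outside the hunk, so I cannot see from here which calls inside it can raise `SuspiciousOperation`.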
django/contrib/sessions/tests.py +10 −3 @@ -403,14 +403,21 @@ class FileSessionTests(SessionTestsMixin, unittest.TestCase): self.assertRaises(ImproperlyConfigured, self.backend) def test_invalid_key_backslash(self): # Ensure we don't allow directory-traversal # This key should be refused and a new session should be created self.assertTrue(self.backend("a\\b\\c").load()) def test_invalid_key_backslash(self): # Ensure we don't allow directory-traversal. # This is tested directly on _key_to_file, as load() will swallow # a SuspiciousOperation in the same way as an IOError - by creating # a new session, making it unclear whether the slashes were detected. self.assertRaises(SuspiciousOperation, self.backend("a\\b\\c").load) self.backend()._key_to_file, "a\\b\\c") def test_invalid_key_forwardslash(self): # Ensure we don't allow directory-traversal self.assertRaises(SuspiciousOperation, self.backend("a/b/c").load) self.backend()._key_to_file, "a/b/c") @override_settings(SESSION_ENGINE="django.contrib.sessions.backends.file") def test_clearsessions_command(self):
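Review bot: `def test_invalid_key_backslash(self):` appears twice in this section, and with only three deletions both definitions appear to end up in `FileSessionTests`, although the rendering does not mark which lines are added. If so, the second definition replaces the first in the class body, and the `load()` check ("This key should be refused and a new session should be created") never runs. That leaves the new fail-closed path in `load()` without test coverage. Renaming the first method, for example `def test_invalid_key_backslash_load(self):`, would let both run. `assertTrue(...load())` also looks fragile: if `load()` returns an empty dict on this path, it would fail once the test executes, so asserting on the returned data directly would be safer.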