Skip to content
Projeler
Gruplar
Parçacıklar
Yardım
Yükleniyor...
Oturum aç / Kaydol
Gezinmeyi değiştir
D
django
Proje
Proje
Ayrıntılar
Etkinlik
Cycle Analytics
Depo (repository)
Depo (repository)
Dosyalar
Kayıtlar (commit)
Dallar (branch)
Etiketler
Katkıda bulunanlar
Grafik
Karşılaştır
Grafikler
Konular (issue)
0
Konular (issue)
0
Liste
Pano
Etiketler
Kilometre Taşları
Birleştirme (merge) Talepleri
0
Birleştirme (merge) Talepleri
0
CI / CD
CI / CD
İş akışları (pipeline)
İşler
Zamanlamalar
Grafikler
Paketler
Paketler
Wiki
Wiki
Parçacıklar
Parçacıklar
Üyeler
Üyeler
Collapse sidebar
Close sidebar
Etkinlik
Grafik
Grafikler
Yeni bir konu (issue) oluştur
İşler
Kayıtlar (commit)
Konu (issue) Panoları
Kenar çubuğunu aç
Batuhan Osman TASKAYA
django
Commits
815e7a57
Kaydet (Commit)
815e7a57
authored
Haz 25, 2014
tarafından
Tim Graham
Dosyalara gözat
Seçenekler
Dosyalara Gözat
İndir
Eposta Yamaları
Sade Fark
Fixed #20128 -- Made CsrfViewMiddleware ignore IOError when reading POST data.
Thanks Walter Doekes.
üst
fd4ccd04
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
50 additions
and
1 deletion
+50
-1
csrf.py
django/middleware/csrf.py
+9
-1
tests.py
tests/csrf_tests/tests.py
+41
-0
No files found.
django/middleware/csrf.py
Dosyayı görüntüle @
815e7a57
...
@@ -167,7 +167,15 @@ class CsrfViewMiddleware(object):
...
@@ -167,7 +167,15 @@ class CsrfViewMiddleware(object):
# Check non-cookie token for match.
# Check non-cookie token for match.
request_csrf_token
=
""
request_csrf_token
=
""
if
request
.
method
==
"POST"
:
if
request
.
method
==
"POST"
:
request_csrf_token
=
request
.
POST
.
get
(
'csrfmiddlewaretoken'
,
''
)
try
:
request_csrf_token
=
request
.
POST
.
get
(
'csrfmiddlewaretoken'
,
''
)
except
IOError
:
# Handle a broken connection before we've completed reading
# the POST data. process_view shouldn't raise any
# exceptions, so we'll ignore and serve the user a 403
# (assuming they're still listening, which they probably
# aren't because of the error).
pass
if
request_csrf_token
==
""
:
if
request_csrf_token
==
""
:
# Fall back to X-CSRFToken, to make things easier for AJAX,
# Fall back to X-CSRFToken, to make things easier for AJAX,
...
...
tests/csrf_tests/tests.py
Dosyayı görüntüle @
815e7a57
...
@@ -428,3 +428,44 @@ class CsrfViewMiddlewareTest(TestCase):
...
@@ -428,3 +428,44 @@ class CsrfViewMiddlewareTest(TestCase):
resp2
=
CsrfViewMiddleware
()
.
process_response
(
req
,
resp
)
resp2
=
CsrfViewMiddleware
()
.
process_response
(
req
,
resp
)
max_age
=
resp2
.
cookies
.
get
(
'csrfcookie'
)
.
get
(
'max-age'
)
max_age
=
resp2
.
cookies
.
get
(
'csrfcookie'
)
.
get
(
'max-age'
)
self
.
assertEqual
(
max_age
,
''
)
self
.
assertEqual
(
max_age
,
''
)
def
test_post_data_read_failure
(
self
):
"""
#20128 -- IOErrors during POST data reading should be caught and
treated as if the POST data wasn't there.
"""
class
CsrfPostRequest
(
HttpRequest
):
"""
HttpRequest that can raise an IOError when accessing POST data
"""
def
__init__
(
self
,
token
,
raise_error
):
super
(
CsrfPostRequest
,
self
)
.
__init__
()
self
.
method
=
'POST'
self
.
raise_error
=
False
self
.
COOKIES
[
settings
.
CSRF_COOKIE_NAME
]
=
token
self
.
POST
[
'csrfmiddlewaretoken'
]
=
token
self
.
raise_error
=
raise_error
def
_load_post_and_files
(
self
):
raise
IOError
(
'error reading input data'
)
def
_get_post
(
self
):
if
self
.
raise_error
:
self
.
_load_post_and_files
()
return
self
.
_post
def
_set_post
(
self
,
post
):
self
.
_post
=
post
POST
=
property
(
_get_post
,
_set_post
)
token
=
'ABC'
req
=
CsrfPostRequest
(
token
,
raise_error
=
False
)
resp
=
CsrfViewMiddleware
()
.
process_view
(
req
,
post_form_view
,
(),
{})
self
.
assertEqual
(
resp
,
None
)
req
=
CsrfPostRequest
(
token
,
raise_error
=
True
)
resp
=
CsrfViewMiddleware
()
.
process_view
(
req
,
post_form_view
,
(),
{})
self
.
assertEqual
(
resp
.
status_code
,
403
)
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment