Author: jacob Date: 2009-05-12 16:54:58 -0500 (Tue, 12 May 2009) New Revision: 10752
Modified: django/trunk/django/contrib/formtools/tests.py django/trunk/django/contrib/formtools/utils.py Log: Fixed #10034: the formtools security hash function is now friendlier to browsers that submit leading/trailing whitespace in form fields.
Modified: django/trunk/django/contrib/formtools/tests.py
===================================================================
--- django/trunk/django/contrib/formtools/tests.py 2009-05-12 21:45:03 UTC (rev 10751)
+++ django/trunk/django/contrib/formtools/tests.py 2009-05-12 21:54:58 UTC (rev 10752)
@@ -1,5 +1,6 @@
+import unittest
 from django import forms
-from django.contrib.formtools import preview, wizard
+from django.contrib.formtools import preview, wizard, utils
 from django import http
 from django.test import TestCase
@@ -101,6 +102,24 @@
 response = self.client.post('/test1/', self.test_data)
 self.assertEqual(response.content, success_string)
+class SecurityHashTests(unittest.TestCase):
+
+ def test_textfield_hash(self):
+ """
+ Regression test for #10034: the hash generation function should ignore
+ leading/trailing whitespace so as to be friendly to broken browsers that
+ submit it (usually in textareas).
+ """
+ class TestForm(forms.Form):
+ name = forms.CharField()
+ bio = forms.CharField()
+
+ f1 = TestForm({'name': 'joe', 'bio': 'Nothing notable.'})
+ f2 = TestForm({'name': ' joe', 'bio': 'Nothing notable. '})
+ hash1 = utils.security_hash(None, f1)
+ hash2 = utils.security_hash(None, f2)
+ self.assertEqual(hash1, hash2)
+
 #
 # FormWizard tests
 #
Modified: django/trunk/django/contrib/formtools/utils.py
===================================================================
--- django/trunk/django/contrib/formtools/utils.py 2009-05-12 21:45:03 UTC (rev 10751)
+++ django/trunk/django/contrib/formtools/utils.py 2009-05-12 21:54:58 UTC (rev 10752)
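Review bot: In tests.py, `test_textfield_hash` asserts only that two inputs hash equal, so it would still pass if `security_hash` stopped covering the field values at all. Because this hash is what ties the confirmed submission to the previewed data, the test should also pin that a real change is detected, e.g. `f3 = TestForm({'name': 'bob', 'bio': 'Nothing notable.'})` followed by `self.assertNotEqual(hash1, utils.security_hash(None, f3))`. A further case with whitespace inside a value (such as `'jo e'`) would confirm that only leading/trailing whitespace is normalised.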
@@ -16,7 +16,12 @@
 hash of that.
 """
- data = [(bf.name, bf.field.clean(bf.data) or '') for bf in form]
+ data = []
+ for bf in form:
+ value = bf.field.clean(bf.data) or ''
+ if isinstance(value, basestring):
+ value = value.strip()
+ data.append((bf.name, value))
 data.extend(args)
 data.append(settings.SECRET_KEY)
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-updates?hl=en -~----------~----~----~----~------~----~------~--~---
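Review bot: The hash built in the new loop no longer binds the exact submitted value: inputs that differ only in leading or trailing whitespace now verify as identical, and the `strip()` is applied to the hashed copy only, not to the data the form goes on to process. That trade-off is what #10034 asks for, but it should be stated next to the loop, e.g. `# Hash a whitespace-normalised copy; changes limited to leading/trailing whitespace are not detected.` The normalisation also reaches only top-level strings, so a cleaned value that is a list of strings would presumably still be hashed unstripped, and `or ''` makes every falsy cleaned value (0, False, an empty list) hash the same as an empty string. The enclosing function starts and ends outside the hunk.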