Author: lukeplant
Date: 2011-03-30 10:35:22 -0700 (Wed, 30 Mar 2011)
New Revision: 15954
Modified:
django/trunk/django/contrib/sessions/backends/base.py
django/trunk/django/contrib/sessions/tests.py
Log:
Removed Django 1.2 compatibility fallback for session data integrity check hash.
Modified: django/trunk/django/contrib/sessions/backends/base.py
===================================================================
--- django/trunk/django/contrib/sessions/backends/base.py 2011-03-30
17:35:12 UTC (rev 15953)
+++ django/trunk/django/contrib/sessions/backends/base.py 2011-03-30
17:35:22 UTC (rev 15954)
@@ -105,25 +105,10 @@
else:
return pickle.loads(pickled)
except Exception:
- # ValueError, SuspiciousOperation, unpickling exceptions
- # Fall back to Django 1.2 method
- # PendingDeprecationWarning <- here to remind us to
- # remove this fallback in Django 1.5
- try:
- return self._decode_old(session_data)
- except Exception:
- # Unpickling can cause a variety of exceptions. If something
happens,
- # just return an empty dictionary (an empty session).
- return {}
+ # ValueError, SuspiciousOperation, unpickling exceptions. If any of
+ # these happen, just return an empty dictionary (an empty session).
+ return {}
- def _decode_old(self, session_data):
- encoded_data = base64.decodestring(session_data)
- pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
- if not constant_time_compare(hashlib.md5(pickled +
settings.SECRET_KEY).hexdigest(),
- tamper_check):
- raise SuspiciousOperation("User tampered with session cookie.")
- return pickle.loads(pickled)
-
def update(self, dict_):
self._session.update(dict_)
self.modified = True
Modified: django/trunk/django/contrib/sessions/tests.py
===================================================================
--- django/trunk/django/contrib/sessions/tests.py 2011-03-30 17:35:12 UTC
(rev 15953)
+++ django/trunk/django/contrib/sessions/tests.py 2011-03-30 17:35:22 UTC
(rev 15954)
@@ -1,7 +1,4 @@
-import base64
from datetime import datetime, timedelta
-import hashlib
-import pickle
import shutil
import tempfile
@@ -252,19 +249,7 @@
encoded = self.session.encode(data)
self.assertEqual(self.session.decode(encoded), data)
- def test_decode_django12(self):
- # Ensure we can decode values encoded using Django 1.2
- # Hard code the Django 1.2 method here:
- def encode(session_dict):
- pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL)
- pickled_md5 = hashlib.md5(pickled +
settings.SECRET_KEY).hexdigest()
- return base64.encodestring(pickled + pickled_md5)
- data = {'a test key': 'a test value'}
- encoded = encode(data)
- self.assertEqual(self.session.decode(encoded), data)
-
-
class DatabaseSessionTests(SessionTestsMixin, TestCase):
backend = DatabaseSession
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
