[Changeset] r10753 - django/trunk/django/contrib/formtools

Tue, 12 May 2009 15:02:44 -0700 

Author: jacob
Date: 2009-05-12 17:02:38 -0500 (Tue, 12 May 2009)
New Revision: 10753

Modified:
   django/trunk/django/contrib/formtools/tests.py
   django/trunk/django/contrib/formtools/utils.py
Log:
Fixed #10643: fixed the formtools security hash to handle allowed empty forms 
or forms without changed data.

Modified: django/trunk/django/contrib/formtools/tests.py
===================================================================
--- django/trunk/django/contrib/formtools/tests.py      2009-05-12 21:54:58 UTC 
(rev 10752)
+++ django/trunk/django/contrib/formtools/tests.py      2009-05-12 22:02:38 UTC 
(rev 10753)
@@ -110,16 +110,31 @@
         leading/trailing whitespace so as to be friendly to broken browsers 
that
         submit it (usually in textareas).
         """
-        class TestForm(forms.Form):
-            name = forms.CharField()
-            bio = forms.CharField()
+        f1 = HashTestForm({'name': 'joe', 'bio': 'Nothing notable.'})
+        f2 = HashTestForm({'name': '  joe', 'bio': 'Nothing notable.  '})
+        hash1 = utils.security_hash(None, f1)
+        hash2 = utils.security_hash(None, f2)
+        self.assertEqual(hash1, hash2)
         
-        f1 = TestForm({'name': 'joe', 'bio': 'Nothing notable.'})
-        f2 = TestForm({'name': '  joe', 'bio': 'Nothing notable.  '})
+    def test_empty_permitted(self):
+        """
+        Regression test for #10643: the security hash should allow forms with
+        empty_permitted = True, or forms where data has not changed.
+        """
+        f1 = HashTestBlankForm({})
+        f2 = HashTestForm({}, empty_permitted=True)
         hash1 = utils.security_hash(None, f1)
         hash2 = utils.security_hash(None, f2)
         self.assertEqual(hash1, hash2)
 
+class HashTestForm(forms.Form):
+    name = forms.CharField()
+    bio = forms.CharField()
+
+class HashTestBlankForm(forms.Form):
+    name = forms.CharField(required=False)
+    bio = forms.CharField(required=False)
+
 #
 # FormWizard tests
 #

Modified: django/trunk/django/contrib/formtools/utils.py
===================================================================
--- django/trunk/django/contrib/formtools/utils.py      2009-05-12 21:54:58 UTC 
(rev 10752)
+++ django/trunk/django/contrib/formtools/utils.py      2009-05-12 22:02:38 UTC 
(rev 10753)
@@ -18,10 +18,16 @@
 
     data = []
     for bf in form:
-        value = bf.field.clean(bf.data) or ''
+        # Get the value from the form data. If the form allows empty or hasn't
+        # changed then don't call clean() to avoid trigger validation errors.
+        if form.empty_permitted and not form.has_changed():
+            value = bf.data or ''
+        else:
+            value = bf.field.clean(bf.data) or ''
         if isinstance(value, basestring):
             value = value.strip()
         data.append((bf.name, value))
+        
     data.extend(args)
     data.append(settings.SECRET_KEY)
 


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to