Public bug reported: With the recent security upload of django, the self-tests will fail on any site, if the MANAGERS variable is defined in settings.py. This is because the admin gets mail about the SuspiciousOperation traceback and the new test test_poisoned_http_host() only looks to see whether there's any mail at all, not who the mail is to or what it is.
james@ornery:~/scratch/test/mysite$ python manage.py test Creating test database for alias 'default'... ..................................................................................> /usr/lib/python2.7/dist-packages/django/contrib/auth/tests/views.py(137)test_poisoned_http_host() -> self.assertEqual(len(mail.outbox), 0) (Pdb) print mail.outbox [<django.core.mail.message.EmailMultiAlternatives object at 0x263c490>] (Pdb) print mail.outbox[0].to ['your_em...@example.com'] (Pdb) print mail.outbox[0].subject [Django] ERROR (EXTERNAL IP): Internal Server Error: /password_reset/ (Pdb) print mail.outbox[0].body Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 89, in get_response response = middleware_method(request) File "/usr/lib/python2.7/dist-packages/django/middleware/common.py", line 55, in process_request host = request.get_host() File "/usr/lib/python2.7/dist-packages/django/http/__init__.py", line 218, in get_host raise SuspiciousOperation('Invalid HTTP_HOST header: %s' % host) SuspiciousOperation: Invalid HTTP_HOST header: www.example:dr.frankenst...@evil.tld <WSGIRequest path:/password_reset/, GET:<QueryDict: {}>, POST:<QueryDict: {u'email': [u'staffmem...@example.com']}>, COOKIES:{}, META:{'CONTENT_LENGTH': 111, 'CONTENT_TYPE': 'multipart/form-data; boundary=BoUnDaRyStRiNg', 'HTTP_COOKIE': '', 'HTTP_HOST': 'www.example:dr.frankenst...@evil.tld', 'PATH_INFO': u'/password_reset/', 'QUERY_STRING': '', 'REMOTE_ADDR': '127.0.0.1', 'REQUEST_METHOD': 'POST', 'SCRIPT_NAME': u'', 'SERVER_NAME': 'testserver', 'SERVER_PORT': '80', 'SERVER_PROTOCOL': 'HTTP/1.1', 'wsgi.errors': <cStringIO.StringO object at 0x2626fb8>, 'wsgi.input': <django.test.client.FakePayload object at 0x2614790>, 'wsgi.multiprocess': True, 'wsgi.multithread': False, 'wsgi.run_once': False, 'wsgi.url_scheme': 'http', 'wsgi.version': (1, 0)}> (Pdb) ** Affects: python-django (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1080204 Title: Regression in security upload - self-tests fail if MANAGERS is defined in settings.py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1080204/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs