diff options
| author | Jacob Kaplan-Moss <jacob@jacobian.org> | 2008-08-29 19:15:34 +0000 |
|---|---|---|
| committer | Jacob Kaplan-Moss <jacob@jacobian.org> | 2008-08-29 19:15:34 +0000 |
| commit | 2ca8cf36280d427ca396f14029f22421539a1fce (patch) | |
| tree | 28511e392bfbcbde9d54ed26113c363b2ca02803 | |
| parent | 71076ae299500df32a5b416c65099fde80657040 (diff) | |
Fixed #8653: make formtools' security hash more rubust. Silly that I didn't think of this before; thanks to bthomas for providing the obvious fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8715 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/contrib/formtools/utils.py | 13 |
1 files changed, 1 insertions, 12 deletions
diff --git a/django/contrib/formtools/utils.py b/django/contrib/formtools/utils.py index 90b4fe650b..1f5beb153d 100644 --- a/django/contrib/formtools/utils.py +++ b/django/contrib/formtools/utils.py @@ -15,19 +15,8 @@ def security_hash(request, form, *args): order, pickles the result with the SECRET_KEY setting, then takes an md5 hash of that. """ - # Ensure that the hash does not change when a BooleanField's bound - # data is a string `False' or a boolean False. - # Rather than re-coding this special behaviour here, we - # create a dummy BooleanField and call its clean method to get a - # boolean True or False verdict that is consistent with - # BooleanField.clean() - dummy_bool = BooleanField(required=False) - def _cleaned_data(bf): - if isinstance(bf.field, BooleanField): - return dummy_bool.clean(bf.data) - return bf.data - data = [(bf.name, _cleaned_data(bf) or '') for bf in form] + data = [(bf.name, bf.field.clean(bf.data) or '') for bf in form] data.extend(args) data.append(settings.SECRET_KEY) |
