summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJacob Kaplan-Moss <jacob@jacobian.org>2008-08-29 19:15:34 +0000
committerJacob Kaplan-Moss <jacob@jacobian.org>2008-08-29 19:15:34 +0000
commit2ca8cf36280d427ca396f14029f22421539a1fce (patch)
tree28511e392bfbcbde9d54ed26113c363b2ca02803
parent71076ae299500df32a5b416c65099fde80657040 (diff)
Fixed #8653: make formtools' security hash more rubust. Silly that I didn't think of this before; thanks to bthomas for providing the obvious fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8715 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/formtools/utils.py13
1 files changed, 1 insertions, 12 deletions
diff --git a/django/contrib/formtools/utils.py b/django/contrib/formtools/utils.py
index 90b4fe650b..1f5beb153d 100644
--- a/django/contrib/formtools/utils.py
+++ b/django/contrib/formtools/utils.py
@@ -15,19 +15,8 @@ def security_hash(request, form, *args):
order, pickles the result with the SECRET_KEY setting, then takes an md5
hash of that.
"""
- # Ensure that the hash does not change when a BooleanField's bound
- # data is a string `False' or a boolean False.
- # Rather than re-coding this special behaviour here, we
- # create a dummy BooleanField and call its clean method to get a
- # boolean True or False verdict that is consistent with
- # BooleanField.clean()
- dummy_bool = BooleanField(required=False)
- def _cleaned_data(bf):
- if isinstance(bf.field, BooleanField):
- return dummy_bool.clean(bf.data)
- return bf.data
- data = [(bf.name, _cleaned_data(bf) or '') for bf in form]
+ data = [(bf.name, bf.field.clean(bf.data) or '') for bf in form]
data.extend(args)
data.append(settings.SECRET_KEY)