summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorClaude Paroz <claude@2xlibre.net>2017-01-29 14:58:20 +0100
committerClaude Paroz <claude@2xlibre.net>2017-01-30 14:13:29 +0100
commitc688336ebcc1bddc65f2d48e15b981b6caa7ef1a (patch)
tree7f38874e146a0a6db20e4535611501de22394113 /django
parent89501d9298494d732f56cf577e70d4203f45467b (diff)
Refs #23919 -- Assumed request COOKIES and META are str
Diffstat (limited to 'django')
-rw-r--r--django/middleware/common.py5
-rw-r--r--django/middleware/csrf.py9
-rw-r--r--django/template/context_processors.py3
3 files changed, 5 insertions, 12 deletions
diff --git a/django/middleware/common.py b/django/middleware/common.py
index 304e6318c4..9d1a868245 100644
--- a/django/middleware/common.py
+++ b/django/middleware/common.py
@@ -11,7 +11,6 @@ from django.utils.cache import (
cc_delim_re, get_conditional_response, set_response_etag,
)
from django.utils.deprecation import MiddlewareMixin, RemovedInDjango21Warning
-from django.utils.encoding import force_text
class CommonMiddleware(MiddlewareMixin):
@@ -157,10 +156,10 @@ class BrokenLinkEmailsMiddleware(MiddlewareMixin):
if response.status_code == 404 and not settings.DEBUG:
domain = request.get_host()
path = request.get_full_path()
- referer = force_text(request.META.get('HTTP_REFERER', ''), errors='replace')
+ referer = request.META.get('HTTP_REFERER', '')
if not self.is_ignorable_request(request, path, domain, referer):
- ua = force_text(request.META.get('HTTP_USER_AGENT', '<none>'), errors='replace')
+ ua = request.META.get('HTTP_USER_AGENT', '<none>')
ip = request.META.get('REMOTE_ADDR', '<none>')
mail_managers(
"Broken %slink on %s" % (
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py
index f6584cbea8..44fe892229 100644
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -15,7 +15,6 @@ from django.urls import get_callable
from django.utils.cache import patch_vary_headers
from django.utils.crypto import constant_time_compare, get_random_string
from django.utils.deprecation import MiddlewareMixin
-from django.utils.encoding import force_text
from django.utils.http import is_same_domain
logger = logging.getLogger('django.security.csrf')
@@ -107,7 +106,7 @@ def rotate_token(request):
def _sanitize_token(token):
# Allow only ASCII alphanumerics
- if re.search('[^a-zA-Z0-9]', force_text(token)):
+ if re.search('[^a-zA-Z0-9]', token):
return _get_new_csrf_token()
elif len(token) == CSRF_TOKEN_LENGTH:
return token
@@ -238,11 +237,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
# Barth et al. found that the Referer header is missing for
# same-domain requests in only about 0.2% of cases or less, so
# we can use strict Referer checking.
- referer = force_text(
- request.META.get('HTTP_REFERER'),
- strings_only=True,
- errors='replace'
- )
+ referer = request.META.get('HTTP_REFERER')
if referer is None:
return self._reject(request, REASON_NO_REFERER)
diff --git a/django/template/context_processors.py b/django/template/context_processors.py
index 85cd3eaa5f..3e73d176ea 100644
--- a/django/template/context_processors.py
+++ b/django/template/context_processors.py
@@ -11,7 +11,6 @@ import itertools
from django.conf import settings
from django.middleware.csrf import get_token
-from django.utils.encoding import force_text
from django.utils.functional import SimpleLazyObject, lazy
@@ -28,7 +27,7 @@ def csrf(request):
# instead of returning an empty dict.
return 'NOTPROVIDED'
else:
- return force_text(token)
+ return token
return {'csrf_token': SimpleLazyObject(_get_val)}