authorPreston Holmes <preston@ptone.com>2013-05-15 16:14:28 -0700
committerPreston Holmes <preston@ptone.com>2013-05-25 16:27:34 -0700
commitd228c1192ed59ab0114d9eba82ac99df611652d2 (patch)
treee9ae061d032f269bcd3914b50ef200c1fd4a208e /django/http/multipartparser.py
parent36d47f72e300321c4a328a643d489436535d1442 (diff)
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
Diffstat (limited to 'django/http/multipartparser.py')
-rw-r--r--django/http/multipartparser.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/django/http/multipartparser.py b/django/http/multipartparser.py
index 26e10da1a2..eeb435fa57 100644
--- a/django/http/multipartparser.py
+++ b/django/http/multipartparser.py
@@ -11,7 +11,7 @@ import cgi
import sys
from django.conf import settings
-from django.core.exceptions import SuspiciousOperation
+from django.core.exceptions import SuspiciousMultipartForm
from django.utils.datastructures import MultiValueDict
from django.utils.encoding import force_text
from django.utils import six
@@ -370,7 +370,7 @@ class LazyStream(six.Iterator):
if current_number == num_bytes])
if number_equal > 40:
- raise SuspiciousOperation(
+ raise SuspiciousMultipartForm(
"The multipart parser got stuck, which shouldn't happen with"
" normal uploaded files. Check for malicious upload activity;"
" if there is none, report this to the Django developers."
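Review bot: The message passed to `raise SuspiciousMultipartForm(` gives no detail about what tripped the check, and per the commit description this text now ends up on a `django.security.*` logger, so a responder cannot tell one stuck-parser event from another. Consider appending the values already in scope, for example `" (%d bytes returned %d times)" % (num_bytes, number_equal)`. A one-line comment above `if number_equal > 40:` saying why 40 is the cut-off would also help. Code that catches `SuspiciousOperation` around the parser keeps working only if the new class subclasses it; the commit message says it does, but the class definition is outside this file's diff. The enclosing method begins before the hunk.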