authorPreston Holmes <preston@ptone.com>2013-05-15 16:14:28 -0700
committerPreston Holmes <preston@ptone.com>2013-05-25 16:27:34 -0700
commitd228c1192ed59ab0114d9eba82ac99df611652d2 (patch)
treee9ae061d032f269bcd3914b50ef200c1fd4a208e /django/views/defaults.py
parent36d47f72e300321c4a328a643d489436535d1442 (diff)
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
Diffstat (limited to 'django/views/defaults.py')
-rw-r--r--django/views/defaults.py15
1 files changed, 15 insertions, 0 deletions
diff --git a/django/views/defaults.py b/django/views/defaults.py
index 89228c50c9..c8a62fc753 100644
--- a/django/views/defaults.py
+++ b/django/views/defaults.py
@@ -43,6 +43,21 @@ def server_error(request, template_name='500.html'):
return http.HttpResponseServerError(template.render(Context({})))
+@requires_csrf_token
+def bad_request(request, template_name='400.html'):
+ """
+ 400 error handler.
+
+ Templates: :template:`400.html`
+ Context: None
+ """
+ try:
+ template = loader.get_template(template_name)
+ except TemplateDoesNotExist:
+ return http.HttpResponseBadRequest('<h1>Bad Request (400)</h1>')
+ return http.HttpResponseBadRequest(template.render(Context({})))
+
+
# This can be called when CsrfViewMiddleware.process_view has not run,
# therefore need @requires_csrf_token in case the template needs
# {% csrf_token %}.
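Review bot: `@requires_csrf_token` on `bad_request` looks like it has no effect as written, because the view renders `400.html` with a plain `Context({})` and, as far as I can tell, `{% csrf_token %}` only emits a token when the context carries `csrf_token` (normally supplied through `RequestContext`). Since the commit message says this handler is reached for SuspiciousOperation, keeping the context empty is the safer choice: nothing from the rejected request can be echoed into the error page, and the hard-coded fallback body has the same property. I would either drop the decorator or keep it and state the intent in the docstring, for example `Context: None (deliberately empty; no request data is passed to the template)`. The trailing comment about `@requires_csrf_token` in the context lines belongs to the next view, whose body lies outside the hunk.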