#12909: Exceptions raised in response middleware don't invoke site 500/404
handlers.
-------------------------------------+--------------------------------------
Reporter: jhovanny | Owner: nobody
Status: new | Milestone:
Component: Core framework | Version: 1.2-beta
Resolution: | Keywords:
Stage: Accepted | Has_patch: 0
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-------------------------------------+--------------------------------------
Changes (by russellm):
* needs_better_patch: => 0
* component: django.contrib.sessions => Core framework
* needs_tests: => 0
* summary: Session Middleware ignores DEBUG setting - Potential Security
Issue => Exceptions raised in response
middleware don't invoke site 500/404 handlers.
* milestone: 1.2 =>
* needs_docs: => 0
* stage: Unreviewed => Accepted
Comment:
Correcting the title to remove the scaremongering. This isn't even
remotely a security issue. There is nothing private or exploitable being
released here.
On that note - it doesn't matter now, but *PLEASE* don't report security
issues in Trac. [See Django's security policy
http://docs.djangoproject.com/en/dev/internals/contributing/#id2] for
instructions on how to report potential security problems.
Now - back to the ticket.
The issue here is that exceptions raised in a process_response component
of a middleware don't invoke the 500 handling infrastructure.
--
Ticket URL: <http://code.djangoproject.com/ticket/12909#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
