Author: lukeplant
Date: 2011-03-30 10:35:12 -0700 (Wed, 30 Mar 2011)
New Revision: 15953
Modified:
django/trunk/django/contrib/comments/forms.py
django/trunk/tests/regressiontests/comment_tests/tests/comment_form_tests.py
Log:
Removed Django 1.2 compatibility fallback for contrib.comments forms hash.
Modified: django/trunk/django/contrib/comments/forms.py
===================================================================
--- django/trunk/django/contrib/comments/forms.py 2011-03-30 17:35:01 UTC
(rev 15952)
+++ django/trunk/django/contrib/comments/forms.py 2011-03-30 17:35:12 UTC
(rev 15953)
@@ -1,5 +1,4 @@
import datetime
-import hashlib
import time
from django import forms
from django.forms.util import ErrorDict
@@ -47,12 +46,7 @@
expected_hash = self.generate_security_hash(**security_hash_dict)
actual_hash = self.cleaned_data["security_hash"]
if not constant_time_compare(expected_hash, actual_hash):
- # Fallback to Django 1.2 method for compatibility
- # PendingDeprecationWarning <- here to remind us to remove this
- # fallback in Django 1.5
- expected_hash_old =
self._generate_security_hash_old(**security_hash_dict)
- if not constant_time_compare(expected_hash_old, actual_hash):
- raise forms.ValidationError("Security hash check failed.")
+ raise forms.ValidationError("Security hash check failed.")
return actual_hash
def clean_timestamp(self):
@@ -95,12 +89,6 @@
value = "-".join(info)
return salted_hmac(key_salt, value).hexdigest()
- def _generate_security_hash_old(self, content_type, object_pk, timestamp):
- """Generate a (SHA1) security hash from the provided info."""
- # Django 1.2 compatibility
- info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
- return hashlib.sha1("".join(info)).hexdigest()
-
class CommentDetailsForm(CommentSecurityForm):
"""
Handles the specific details of the comment (name, comment, etc.).
Modified:
django/trunk/tests/regressiontests/comment_tests/tests/comment_form_tests.py
===================================================================
---
django/trunk/tests/regressiontests/comment_tests/tests/comment_form_tests.py
2011-03-30 17:35:01 UTC (rev 15952)
+++
django/trunk/tests/regressiontests/comment_tests/tests/comment_form_tests.py
2011-03-30 17:35:12 UTC (rev 15953)
@@ -1,4 +1,3 @@
-import hashlib
import time
from django.conf import settings
@@ -46,23 +45,6 @@
def testObjectPKTampering(self):
self.tamperWithForm(object_pk="3")
- def testDjango12Hash(self):
- # Ensure we can use the hashes generated by Django 1.2
- a = Article.objects.get(pk=1)
- d = self.getValidData(a)
-
- content_type = d['content_type']
- object_pk = d['object_pk']
- timestamp = d['timestamp']
-
- # The Django 1.2 method hard-coded here:
- info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
- security_hash = hashlib.sha1("".join(info)).hexdigest()
-
- d['security_hash'] = security_hash
- f = CommentForm(a, data=d)
- self.assertTrue(f.is_valid(), f.errors)
-
def testSecurityErrors(self):
f = self.tamperWithForm(honeypot="I am a robot")
self.assertTrue("honeypot" in f.security_errors())
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
