Public bug reported:

With the recent security upload of django, the self-tests will fail on
any site, if the MANAGERS variable is defined in settings.py.  This is
because the admin gets mail about the SuspiciousOperation traceback
and the new test test_poisoned_http_host() only looks to see whether
there's any mail at all, not who the mail is to or what it is.

james@ornery:~/scratch/test/mysite$ python manage.py test
Creating test database for alias 'default'...
..................................................................................
> /usr/lib/python2.7/dist-packages/django/contrib/auth/tests/views.py(137)test_poisoned_http_host()
-> self.assertEqual(len(mail.outbox), 0)
(Pdb) print mail.outbox
[<django.core.mail.message.EmailMultiAlternatives object at 0x263c490>]
(Pdb) print mail.outbox[0].to
['your_em...@example.com']
(Pdb) print mail.outbox[0].subject
[Django] ERROR (EXTERNAL IP): Internal Server Error: /password_reset/
(Pdb) print mail.outbox[0].body
Traceback (most recent call last):

  File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 89, in get_response
    response = middleware_method(request)

  File "/usr/lib/python2.7/dist-packages/django/middleware/common.py", line 55, in process_request
    host = request.get_host()

  File "/usr/lib/python2.7/dist-packages/django/http/__init__.py", line 218, in get_host
    raise SuspiciousOperation('Invalid HTTP_HOST header: %s' % host)

SuspiciousOperation: Invalid HTTP_HOST header:
www.example:dr.frankenst...@evil.tld


<WSGIRequest
path:/password_reset/,
GET:<QueryDict: {}>,
POST:<QueryDict: {u'email': [u'staffmem...@example.com']}>,
COOKIES:{},
META:{'CONTENT_LENGTH': 111,
 'CONTENT_TYPE': 'multipart/form-data; boundary=BoUnDaRyStRiNg',
 'HTTP_COOKIE': '',
 'HTTP_HOST': 'www.example:dr.frankenst...@evil.tld',
 'PATH_INFO': u'/password_reset/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REQUEST_METHOD': 'POST',
 'SCRIPT_NAME': u'',
 'SERVER_NAME': 'testserver',
 'SERVER_PORT': '80',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'wsgi.errors': <cStringIO.StringO object at 0x2626fb8>,
 'wsgi.input': <django.test.client.FakePayload object at 0x2614790>,
 'wsgi.multiprocess': True,
 'wsgi.multithread': False,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}>
(Pdb)

** Affects: python-django (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1080204

Title:
  Regression in security upload - self-tests fail if MANAGERS is defined
  in settings.py

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1080204/+subscriptions
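
Added example (not part of the original report and not Django's own test code): one way a test could check who the mail is to and what it is, instead of only counting messages. The Mail stand-in, the function names, the addresses and the host value are all constructed for illustration.

```python
from collections import namedtuple

# Stand-in for a message in django.core.mail.outbox; only the attributes
# inspected in the pdb session (to, subject, body). Constructed for this example.
Mail = namedtuple("Mail", "to subject body")

SUBJECT_PREFIX = "[Django] "  # Django's default EMAIL_SUBJECT_PREFIX


def split_outbox(outbox, requested_email, subject_prefix=SUBJECT_PREFIX):
    """Return (to_user, error_reports, other) for the messages in outbox."""
    to_user, reports, other = [], [], []
    wanted = requested_email.lower()
    for msg in outbox:
        if wanted in [addr.lower() for addr in msg.to]:
            to_user.append(msg)      # what a password reset would produce
        elif msg.subject.startswith(subject_prefix + "ERROR"):
            reports.append(msg)      # error report sent to site staff
        else:
            other.append(msg)
    return to_user, reports, other


def poisoned_host_leaked(outbox, requested_email, poisoned_host):
    """True if the user was mailed, or unclassified mail carries the bad host."""
    to_user, _reports, other = split_outbox(outbox, requested_email)
    return bool(to_user) or any(poisoned_host in m.body for m in other)


# Constructed sample data (placeholders, not values from the report).
USER = "user@example.test"
HOST = "bad.host.invalid"
REPORT = Mail(["siteadmin@example.test"],
              "[Django] ERROR (EXTERNAL IP): Internal Server Error: /password_reset/",
              "SuspiciousOperation: Invalid HTTP_HOST header: " + HOST)
RESET = Mail([USER], "Password reset", "http://" + HOST + "/reset/")
STRAY = Mail(["other@example.test"], "Password reset", "http://" + HOST + "/reset/")

REPORT_ONLY = [REPORT]          # the situation in the report: one error mail
WITH_RESET = [REPORT, RESET]    # what the test is meant to catch

if __name__ == "__main__":
    print(len(REPORT_ONLY), poisoned_host_leaked(REPORT_ONLY, USER, HOST))
    print(len(WITH_RESET), poisoned_host_leaked(WITH_RESET, USER, HOST))
```

With the error report alone in the outbox, a bare length check fails while the recipient-aware check passes.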
