[Python-modules-commits] r22806 - in packages/python-django/branches/squeeze/debian/patches (1 file)
hertzog at users.alioth.debian.org
hertzog at users.alioth.debian.org
Mon Oct 22 09:09:19 UTC 2012
Date: Monday, October 22, 2012 @ 09:09:08
Author: hertzog
Revision: 22806
Update the patch so that it applies correctly.
Modified:
packages/python-django/branches/squeeze/debian/patches/19_fix_host_header_poisoning.diff
Modified: packages/python-django/branches/squeeze/debian/patches/19_fix_host_header_poisoning.diff
===================================================================
--- packages/python-django/branches/squeeze/debian/patches/19_fix_host_header_poisoning.diff 2012-10-22 09:07:56 UTC (rev 22805)
+++ packages/python-django/branches/squeeze/debian/patches/19_fix_host_header_poisoning.diff 2012-10-22 09:09:08 UTC (rev 22806)
@@ -1,34 +1,37 @@
Description: Fix Host header poisoning
-Origin: upstream, https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071/download
+Origin: backport, https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071/download
Bug-Debian: http://bugs.debian.org/691145
-diff --git a/django/contrib/auth/tests/urls.py b/django/contrib/auth/tests/urls.py
-index 3d76a4e..c01964f 100644
--- a/django/contrib/auth/tests/urls.py
+++ b/django/contrib/auth/tests/urls.py
-@@ -19,6 +19,7 @@ urlpatterns = urlpatterns + patterns('',
+@@ -1,5 +1,6 @@
+ from django.conf.urls.defaults import patterns
+ from django.contrib.auth.urls import urlpatterns
++from django.contrib.auth.views import password_reset
+ from django.http import HttpResponse
+ from django.template import Template, RequestContext
+
+@@ -13,6 +14,7 @@ def remote_user_auth_view(request):
+ urlpatterns += patterns('',
+ (r'^logout/custom_query/$', 'django.contrib.auth.views.logout', dict(redirect_field_name='follow')),
(r'^logout/next_page/$', 'django.contrib.auth.views.logout', dict(next_page='/somewhere/')),
- (r'^remote_user/$', remote_user_auth_view),
- (r'^password_reset_from_email/$', 'django.contrib.auth.views.password_reset', dict(from_email='staffmember at example.com')),
+ (r'^admin_password_reset/$', 'django.contrib.auth.views.password_reset', dict(is_admin_site=True)),
- (r'^login_required/$', login_required(password_reset)),
- (r'^login_required_login_url/$', login_required(password_reset, login_url='/somewhere/')),
+ (r'^remote_user/$', remote_user_auth_view),
)
-diff --git a/django/contrib/auth/tests/views.py b/django/contrib/auth/tests/views.py
-index b03489c..046d00d 100644
+
--- a/django/contrib/auth/tests/views.py
+++ b/django/contrib/auth/tests/views.py
-@@ -9,6 +9,7 @@ from django.contrib.sites.models import Site, RequestSite
+@@ -9,6 +9,7 @@ from django.contrib.sites.models import
from django.contrib.auth.models import User
from django.test import TestCase
from django.core import mail
+from django.core.exceptions import SuspiciousOperation
from django.core.urlresolvers import reverse
- from django.http import QueryDict
-@@ -69,6 +70,44 @@ class PasswordResetTest(AuthViewsTestCase):
- self.assertEqual(len(mail.outbox), 1)
- self.assertEqual("staffmember at example.com", mail.outbox[0].from_email)
+ class AuthViewsTestCase(TestCase):
+@@ -53,6 +54,44 @@ class PasswordResetTest(AuthViewsTestCas
+ self.assertEquals(len(mail.outbox), 1)
+ self.assert_("http://" in mail.outbox[0].body)
+ def test_admin_reset(self):
+ "If the reset view is marked as being for admin, the HTTP_HOST header is used for a domain override."
@@ -71,24 +74,20 @@
def _test_confirm_start(self):
# Start by creating the email
response = self.client.post('/password_reset/', {'email': 'staffmember at example.com'})
-diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
-index eba83a2..727e916 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
-@@ -151,7 +151,7 @@ def password_reset(request, is_admin_site=False,
- 'request': request,
- }
+@@ -115,7 +115,7 @@ def password_reset(request, is_admin_sit
+ opts['use_https'] = request.is_secure()
+ opts['token_generator'] = token_generator
if is_admin_site:
-- opts = dict(opts, domain_override=request.META['HTTP_HOST'])
-+ opts = dict(opts, domain_override=request.get_host())
- form.save(**opts)
- return HttpResponseRedirect(post_reset_redirect)
- else:
-diff --git a/django/http/__init__.py b/django/http/__init__.py
-index 2dfe12e..dddd9a8 100644
+- opts['domain_override'] = request.META['HTTP_HOST']
++ opts['domain_override'] = request.get_host()
+ else:
+ opts['email_template_name'] = email_template_name
+ if not Site._meta.installed:
--- a/django/http/__init__.py
+++ b/django/http/__init__.py
-@@ -165,6 +165,11 @@ class HttpRequest(object):
+@@ -57,6 +57,11 @@ class HttpRequest(object):
server_port = str(self.META['SERVER_PORT'])
if server_port != (self.is_secure() and '443' or '80'):
host = '%s:%s' % (host, server_port)
More information about the Python-modules-commits
mailing list