[Python-modules-commits] r22806 - in packages/python-django/branches/squeeze/debian/patches (1 file)

hertzog at users.alioth.debian.org hertzog at users.alioth.debian.org
Mon Oct 22 09:09:19 UTC 2012


    Date: Monday, October 22, 2012 @ 09:09:08
  Author: hertzog
Revision: 22806

Update the patch so that it applies correctly.

Modified:
  packages/python-django/branches/squeeze/debian/patches/19_fix_host_header_poisoning.diff

Modified: packages/python-django/branches/squeeze/debian/patches/19_fix_host_header_poisoning.diff
===================================================================
--- packages/python-django/branches/squeeze/debian/patches/19_fix_host_header_poisoning.diff	2012-10-22 09:07:56 UTC (rev 22805)
+++ packages/python-django/branches/squeeze/debian/patches/19_fix_host_header_poisoning.diff	2012-10-22 09:09:08 UTC (rev 22806)
@@ -1,34 +1,37 @@
 Description: Fix Host header poisoning
-Origin: upstream, https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071/download
+Origin: backport, https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071/download
 Bug-Debian: http://bugs.debian.org/691145
 
-diff --git a/django/contrib/auth/tests/urls.py b/django/contrib/auth/tests/urls.py
-index 3d76a4e..c01964f 100644
 --- a/django/contrib/auth/tests/urls.py
 +++ b/django/contrib/auth/tests/urls.py
-@@ -19,6 +19,7 @@ urlpatterns = urlpatterns + patterns('',
+@@ -1,5 +1,6 @@
+ from django.conf.urls.defaults import patterns
+ from django.contrib.auth.urls import urlpatterns
++from django.contrib.auth.views import password_reset
+ from django.http import HttpResponse
+ from django.template import Template, RequestContext
+ 
+@@ -13,6 +14,7 @@ def remote_user_auth_view(request):
+ urlpatterns += patterns('',
+     (r'^logout/custom_query/$', 'django.contrib.auth.views.logout', dict(redirect_field_name='follow')),
      (r'^logout/next_page/$', 'django.contrib.auth.views.logout', dict(next_page='/somewhere/')),
-     (r'^remote_user/$', remote_user_auth_view),
-     (r'^password_reset_from_email/$', 'django.contrib.auth.views.password_reset', dict(from_email='staffmember at example.com')),
 +    (r'^admin_password_reset/$', 'django.contrib.auth.views.password_reset', dict(is_admin_site=True)),
-     (r'^login_required/$', login_required(password_reset)),
-     (r'^login_required_login_url/$', login_required(password_reset, login_url='/somewhere/')),
+     (r'^remote_user/$', remote_user_auth_view),
  )
-diff --git a/django/contrib/auth/tests/views.py b/django/contrib/auth/tests/views.py
-index b03489c..046d00d 100644
+ 
 --- a/django/contrib/auth/tests/views.py
 +++ b/django/contrib/auth/tests/views.py
-@@ -9,6 +9,7 @@ from django.contrib.sites.models import Site, RequestSite
+@@ -9,6 +9,7 @@ from django.contrib.sites.models import
  from django.contrib.auth.models import User
  from django.test import TestCase
  from django.core import mail
 +from django.core.exceptions import SuspiciousOperation
  from django.core.urlresolvers import reverse
- from django.http import QueryDict
  
-@@ -69,6 +70,44 @@ class PasswordResetTest(AuthViewsTestCase):
-         self.assertEqual(len(mail.outbox), 1)
-         self.assertEqual("staffmember at example.com", mail.outbox[0].from_email)
+ class AuthViewsTestCase(TestCase):
+@@ -53,6 +54,44 @@ class PasswordResetTest(AuthViewsTestCas
+         self.assertEquals(len(mail.outbox), 1)
+         self.assert_("http://" in mail.outbox[0].body)
  
 +    def test_admin_reset(self):
 +        "If the reset view is marked as being for admin, the HTTP_HOST header is used for a domain override."
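Review bot: With `Origin:` switched to `backport`, the header still says only "Fix Host header poisoning" and does not record how this version differs from the upstream commit, which makes later audits of the squeeze fix harder. A continuation line under `Description:` such as ` Re-diffed against the squeeze Django tree; hunk offsets and context differ from upstream.` would cover it. Separately, the backport newly adds `from django.contrib.auth.views import password_reset` to tests/urls.py, but the added route names the view by string. The import looks unused in the visible hunks and can probably be dropped, unless a part of the file not shown here needs it.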
@@ -71,24 +74,20 @@
      def _test_confirm_start(self):
          # Start by creating the email
          response = self.client.post('/password_reset/', {'email': 'staffmember at example.com'})
-diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
-index eba83a2..727e916 100644
 --- a/django/contrib/auth/views.py
 +++ b/django/contrib/auth/views.py
-@@ -151,7 +151,7 @@ def password_reset(request, is_admin_site=False,
-                 'request': request,
-             }
+@@ -115,7 +115,7 @@ def password_reset(request, is_admin_sit
+             opts['use_https'] = request.is_secure()
+             opts['token_generator'] = token_generator
              if is_admin_site:
--                opts = dict(opts, domain_override=request.META['HTTP_HOST'])
-+                opts = dict(opts, domain_override=request.get_host())
-             form.save(**opts)
-             return HttpResponseRedirect(post_reset_redirect)
-     else:
-diff --git a/django/http/__init__.py b/django/http/__init__.py
-index 2dfe12e..dddd9a8 100644
+-                opts['domain_override'] = request.META['HTTP_HOST']
++                opts['domain_override'] = request.get_host()
+             else:
+                 opts['email_template_name'] = email_template_name
+                 if not Site._meta.installed:
 --- a/django/http/__init__.py
 +++ b/django/http/__init__.py
-@@ -165,6 +165,11 @@ class HttpRequest(object):
+@@ -57,6 +57,11 @@ class HttpRequest(object):
              server_port = str(self.META['SERVER_PORT'])
              if server_port != (self.is_secure() and '443' or '80'):
                  host = '%s:%s' % (host, server_port)
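Review bot: The backported `opts['domain_override'] = request.get_host()` still takes the reset-mail domain from the request, so its safety rests on the check added to `HttpRequest.get_host()` in the django/http/__init__.py section, whose added lines fall outside this hunk. That inner hunk moved from offset 165 to 57, so it is worth confirming against the squeeze tree that the check runs on every path that selects a host value, not only the `SERVER_NAME` fallback visible in the context. The tests now import `SuspiciousOperation`, so a rejected Host presumably raises it out of `password_reset`. If squeeze does not map that exception to a client error, the patch header should say so, e.g. ` A rejected Host header raises SuspiciousOperation from get_host().`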



