← Back to branch summary

~ubuntu-branches/ubuntu/quantal/python-django/quantal

~ubuntu-branches/ubuntu/quantal/python-django/quantal

« back to all changes in this revision

Viewing changes to django/contrib/flatpages/tests/csrf.py

Committer: Bazaar Package Importer
Author(s): Jamie Strandboge
Date: 2010-10-12 11:34:35 UTC
mfrom: (1.1.12 upstream) (29.1.1 maverick-security)
Revision ID: james.westby@ubuntu.com-20101012113435-yy57c8tx6g9anf3e

Tags: 1.2.3-1ubuntu0.1

* SECURITY UPDATE: XSS in CSRF protections. New upstream release
  - CVE-2010-3082
* debian/patches/01_disable_url_verify_regression_tests.diff:
  - updated to disable another test that fails without internet connection
  - patch based on work by Kai Kasurinen and Krzysztof Klimonda
* debian/control: don't Build-Depends on locales-all, which doesn't exist
  in maverick

files added:
.pc/01_disable_url_verify_regression_tests.diff/tests/modeltests

.pc/01_disable_url_verify_regression_tests.diff/tests/modeltests/validation

.pc/01_disable_url_verify_regression_tests.diff/tests/modeltests/validation/tests.py

.pc/05_fix_regression_tests.diff

.pc/05_fix_regression_tests.diff/tests

.pc/05_fix_regression_tests.diff/tests/regressiontests

.pc/05_fix_regression_tests.diff/tests/regressiontests/admin_views

.pc/05_fix_regression_tests.diff/tests/regressiontests/admin_views/tests.py

.pc/06_fix_regression_tests.diff

.pc/06_fix_regression_tests.diff/tests

.pc/06_fix_regression_tests.diff/tests/regressiontests

.pc/06_fix_regression_tests.diff/tests/regressiontests/admin_views

.pc/06_fix_regression_tests.diff/tests/regressiontests/admin_views/tests.py

debian/patches/05_fix_regression_tests.diff

debian/patches/06_fix_regression_tests.diff

django/conf/locale/ml

django/conf/locale/ml/LC_MESSAGES

django/conf/locale/ml/LC_MESSAGES/django.mo

django/conf/locale/ml/LC_MESSAGES/django.po

django/conf/locale/ml/LC_MESSAGES/djangojs.mo

django/conf/locale/ml/LC_MESSAGES/djangojs.po

django/conf/locale/ml/__init__.py

django/conf/locale/ml/formats.py

django/contrib/flatpages/fixtures

django/contrib/flatpages/fixtures/sample_flatpages.json

django/contrib/flatpages/tests

django/contrib/flatpages/tests/__init__.py

django/contrib/flatpages/tests/csrf.py

django/contrib/flatpages/tests/middleware.py

django/contrib/flatpages/tests/templates

django/contrib/flatpages/tests/templates/404.html

django/contrib/flatpages/tests/templates/flatpages

django/contrib/flatpages/tests/templates/flatpages/default.html

django/contrib/flatpages/tests/templates/registration

django/contrib/flatpages/tests/templates/registration/login.html

django/contrib/flatpages/tests/urls.py

django/contrib/flatpages/tests/views.py

django/contrib/sitemaps/models.py

django/contrib/sitemaps/tests

django/contrib/sitemaps/tests/__init__.py

django/contrib/sitemaps/tests/basic.py

django/contrib/sitemaps/tests/urls.py

docs/_theme

docs/_theme/djangodocs

docs/_theme/djangodocs/genindex.html

docs/_theme/djangodocs/layout.html

docs/_theme/djangodocs/modindex.html

docs/_theme/djangodocs/search.html

docs/_theme/djangodocs/static

docs/_theme/djangodocs/static/default.css

docs/_theme/djangodocs/static/djangodocs.css

docs/_theme/djangodocs/static/docicons-behindscenes.png

docs/_theme/djangodocs/static/docicons-note.png

docs/_theme/djangodocs/static/docicons-philosophy.png

docs/_theme/djangodocs/static/homepage.css

docs/_theme/djangodocs/static/reset-fonts-grids.css

docs/_theme/djangodocs/theme.conf

docs/ref/contrib/markup.txt

tests/modeltests/aggregation/tests.py

tests/modeltests/choices/tests.py

tests/modeltests/fixtures/tests.py

tests/modeltests/fixtures_model_package/tests.py

tests/regressiontests/forms/input_formats.py

tests/regressiontests/localflavor/us

tests/regressiontests/localflavor/us/__init__.py

tests/regressiontests/localflavor/us/forms.py

tests/regressiontests/localflavor/us/models.py

tests/regressiontests/localflavor/us/tests.py

tests/regressiontests/m2m_through_regress/tests.py

tests/regressiontests/multiple_database/fixtures/pets.json

files removed:
debian/test_settings.py

docs/_static

docs/_static/default.css

docs/_static/djangodocs.css

docs/_static/docicons-behindscenes.png

docs/_static/docicons-note.png

docs/_static/docicons-philosophy.png

docs/_static/homepage.css

docs/_static/reset-fonts-grids.css

docs/_templates

docs/_templates/genindex.html

docs/_templates/layout.html

docs/_templates/modindex.html

docs/_templates/search.html

tests/regressiontests/localflavor/forms.py

files modified:
.pc/01_disable_url_verify_regression_tests.diff/tests/regressiontests/forms/fields.py

.pc/applied-patches

AUTHORS

MANIFEST.in

PKG-INFO

debian/changelog

debian/control

debian/patches/01_disable_url_verify_regression_tests.diff

debian/patches/series

debian/rules

django/__init__.py

django/conf/global_settings.py

django/conf/locale/cs/LC_MESSAGES/django.mo

django/conf/locale/cs/LC_MESSAGES/django.po

django/conf/locale/cs/LC_MESSAGES/djangojs.mo

django/conf/locale/cs/LC_MESSAGES/djangojs.po

django/conf/locale/da/LC_MESSAGES/djangojs.mo

django/conf/locale/da/LC_MESSAGES/djangojs.po

django/conf/locale/de/LC_MESSAGES/django.mo

django/conf/locale/de/LC_MESSAGES/django.po

django/conf/locale/es_AR/LC_MESSAGES/django.mo

django/conf/locale/es_AR/LC_MESSAGES/django.po

django/conf/locale/es_AR/LC_MESSAGES/djangojs.mo

django/conf/locale/es_AR/LC_MESSAGES/djangojs.po

django/conf/locale/fr/LC_MESSAGES/django.mo

django/conf/locale/fr/LC_MESSAGES/django.po

django/conf/locale/pl/formats.py

django/conf/locale/sr/LC_MESSAGES/django.mo

django/conf/locale/sr/LC_MESSAGES/django.po

django/conf/locale/sr/LC_MESSAGES/djangojs.mo

django/conf/locale/sr/LC_MESSAGES/djangojs.po

django/conf/locale/sr/formats.py

django/conf/locale/sr_Latn/LC_MESSAGES/django.mo

django/conf/locale/sr_Latn/LC_MESSAGES/django.po

django/conf/locale/sr_Latn/formats.py

django/conf/project_template/settings.py

django/conf/project_template/urls.py

django/contrib/admin/media/css/base.css

django/contrib/admin/media/css/changelists.css

django/contrib/admin/options.py

django/contrib/admin/templates/admin/auth/user/add_form.html

django/contrib/admin/templates/admin/base.html

django/contrib/admin/templates/admin/change_list_results.html

django/contrib/admin/templatetags/admin_list.py

django/contrib/admindocs/templates/admin_doc/template_filter_index.html

django/contrib/admindocs/templates/admin_doc/template_tag_index.html

django/contrib/admindocs/views.py

django/contrib/auth/forms.py

django/contrib/auth/tests/__init__.py

django/contrib/auth/tests/forms.py

django/contrib/flatpages/views.py

django/contrib/formtools/wizard.py

django/contrib/gis/db/backends/mysql/creation.py

django/contrib/gis/db/backends/spatialite/base.py

django/contrib/gis/db/models/sql/compiler.py

django/contrib/gis/gdal/libgdal.py

django/contrib/gis/tests/relatedapp/models.py

django/contrib/gis/tests/relatedapp/tests.py

django/contrib/localflavor/in_/in_states.py

django/contrib/markup/tests.py

django/contrib/sitemaps/__init__.py

django/core/cache/backends/db.py

django/core/cache/backends/filebased.py

django/core/files/images.py

django/core/handlers/base.py

django/core/management/__init__.py

django/core/management/base.py

django/core/management/commands/dumpdata.py

django/core/management/commands/flush.py

django/core/management/commands/loaddata.py

django/core/urlresolvers.py

django/db/__init__.py

django/db/backends/__init__.py

django/db/backends/creation.py

django/db/backends/mysql/base.py

django/db/backends/mysql/client.py

django/db/backends/oracle/base.py

django/db/backends/postgresql/base.py

django/db/backends/postgresql/creation.py

django/db/backends/postgresql_psycopg2/base.py

django/db/backends/signals.py

django/db/backends/sqlite3/base.py

django/db/models/base.py

django/db/models/fields/__init__.py

django/db/models/fields/related.py

django/db/models/sql/query.py

django/forms/fields.py

django/forms/forms.py

django/forms/models.py

django/forms/widgets.py

django/http/__init__.py

django/middleware/csrf.py

django/template/defaultfilters.py

django/template/defaulttags.py

django/test/__init__.py

django/test/client.py

django/test/testcases.py

django/test/utils.py

django/utils/datastructures.py

django/utils/hashcompat.py

django/utils/text.py

django/views/csrf.py

django/views/debug.py

docs/Makefile

docs/_ext/djangodocs.py

docs/conf.py

docs/faq/admin.txt

docs/faq/contributing.txt

docs/faq/general.txt

docs/faq/help.txt

docs/faq/index.txt

docs/faq/install.txt

docs/faq/models.txt

docs/faq/usage.txt

docs/glossary.txt

docs/howto/apache-auth.txt

docs/howto/auth-remote-user.txt

docs/howto/custom-file-storage.txt

docs/howto/custom-management-commands.txt

docs/howto/custom-model-fields.txt

docs/howto/custom-template-tags.txt

docs/howto/deployment/fastcgi.txt

docs/howto/deployment/index.txt

docs/howto/deployment/modpython.txt

docs/howto/deployment/modwsgi.txt

docs/howto/error-reporting.txt

docs/howto/i18n.txt

docs/howto/index.txt

docs/howto/initial-data.txt

docs/howto/jython.txt

docs/howto/legacy-databases.txt

docs/howto/outputting-csv.txt

docs/howto/outputting-pdf.txt

docs/howto/static-files.txt

docs/index.txt

docs/internals/committers.txt

docs/internals/contributing.txt

docs/internals/deprecation.txt

docs/internals/documentation.txt

docs/internals/index.txt

docs/internals/release-process.txt

docs/internals/svn.txt

docs/intro/index.txt

docs/intro/install.txt

docs/intro/overview.txt

docs/intro/tutorial01.txt

docs/intro/tutorial02.txt

docs/intro/tutorial03.txt

docs/intro/tutorial04.txt

docs/intro/whatsnext.txt

docs/misc/api-stability.txt

docs/misc/design-philosophies.txt

docs/misc/distributions.txt

docs/misc/index.txt

docs/obsolete/admin-css.txt

docs/obsolete/index.txt

docs/ref/authbackends.txt

docs/ref/contrib/admin/actions.txt

docs/ref/contrib/admin/index.txt

docs/ref/contrib/auth.txt

docs/ref/contrib/comments/custom.txt

docs/ref/contrib/comments/example.txt

docs/ref/contrib/comments/forms.txt

docs/ref/contrib/comments/index.txt

docs/ref/contrib/comments/models.txt

docs/ref/contrib/comments/moderation.txt

docs/ref/contrib/comments/settings.txt

docs/ref/contrib/comments/signals.txt

docs/ref/contrib/comments/upgrade.txt

docs/ref/contrib/contenttypes.txt

docs/ref/contrib/csrf.txt

docs/ref/contrib/databrowse.txt

docs/ref/contrib/flatpages.txt

docs/ref/contrib/formtools/form-preview.txt

docs/ref/contrib/formtools/form-wizard.txt

docs/ref/contrib/formtools/index.txt

docs/ref/contrib/gis/admin.txt

docs/ref/contrib/gis/commands.txt

docs/ref/contrib/gis/create_template_postgis-1.4.sh

docs/ref/contrib/gis/db-api.txt

docs/ref/contrib/gis/deployment.txt

docs/ref/contrib/gis/feeds.txt

docs/ref/contrib/gis/geoquerysets.txt

docs/ref/contrib/gis/install.txt

docs/ref/contrib/gis/layermapping.txt

docs/ref/contrib/gis/measure.txt

docs/ref/contrib/gis/model-api.txt

docs/ref/contrib/gis/testing.txt

docs/ref/contrib/gis/tutorial.txt

docs/ref/contrib/humanize.txt

docs/ref/contrib/index.txt

docs/ref/contrib/localflavor.txt

docs/ref/contrib/messages.txt

docs/ref/contrib/redirects.txt

docs/ref/contrib/sitemaps.txt

docs/ref/contrib/sites.txt

docs/ref/contrib/syndication.txt

docs/ref/contrib/webdesign.txt

docs/ref/databases.txt

docs/ref/django-admin.txt

docs/ref/exceptions.txt

docs/ref/files/file.txt

docs/ref/files/index.txt

docs/ref/files/storage.txt

docs/ref/forms/api.txt

docs/ref/forms/fields.txt

docs/ref/forms/index.txt

docs/ref/forms/validation.txt

docs/ref/forms/widgets.txt

docs/ref/generic-views.txt

docs/ref/index.txt

docs/ref/middleware.txt

docs/ref/models/fields.txt

docs/ref/models/index.txt

docs/ref/models/instances.txt

docs/ref/models/options.txt

docs/ref/models/querysets.txt

docs/ref/models/relations.txt

docs/ref/request-response.txt

docs/ref/settings.txt

docs/ref/signals.txt

docs/ref/templates/api.txt

docs/ref/templates/builtins.txt

docs/ref/templates/index.txt

docs/ref/unicode.txt

docs/ref/utils.txt

docs/ref/validators.txt

docs/releases/0.95.txt

docs/releases/0.96.txt

docs/releases/1.0-alpha-1.txt

docs/releases/1.0-alpha-2.txt

docs/releases/1.0-beta-2.txt

docs/releases/1.0-beta.txt

docs/releases/1.0-porting-guide.txt

docs/releases/1.0.1.txt

docs/releases/1.0.2.txt

docs/releases/1.0.txt

docs/releases/1.1-alpha-1.txt

docs/releases/1.1-beta-1.txt

docs/releases/1.1-rc-1.txt

docs/releases/1.1.2.txt

docs/releases/1.1.txt

docs/releases/1.2-alpha-1.txt

docs/releases/1.2-beta-1.txt

docs/releases/1.2-rc-1.txt

docs/releases/1.2.txt

docs/releases/index.txt

docs/topics/auth.txt

docs/topics/cache.txt

docs/topics/conditional-view-processing.txt

docs/topics/db/aggregation.txt

docs/topics/db/index.txt

docs/topics/db/managers.txt

docs/topics/db/models.txt

docs/topics/db/multi-db.txt

docs/topics/db/optimization.txt

docs/topics/db/queries.txt

docs/topics/db/sql.txt

docs/topics/db/transactions.txt

docs/topics/email.txt

docs/topics/files.txt

docs/topics/forms/formsets.txt

docs/topics/forms/index.txt

docs/topics/forms/media.txt

docs/topics/forms/modelforms.txt

docs/topics/generic-views.txt

docs/topics/http/file-uploads.txt

docs/topics/http/generic-views.txt

docs/topics/http/index.txt

docs/topics/http/middleware.txt

docs/topics/http/sessions.txt

docs/topics/http/shortcuts.txt

docs/topics/http/urls.txt

docs/topics/http/views.txt

docs/topics/i18n/deployment.txt

docs/topics/i18n/index.txt

docs/topics/i18n/internationalization.txt

docs/topics/i18n/localization.txt

docs/topics/index.txt

docs/topics/install.txt

docs/topics/pagination.txt

docs/topics/serialization.txt

docs/topics/settings.txt

docs/topics/signals.txt

docs/topics/templates.txt

docs/topics/testing.txt

setup.cfg

setup.py

tests/modeltests/aggregation/models.py

tests/modeltests/choices/models.py

tests/modeltests/fixtures/models.py

tests/modeltests/fixtures_model_package/models/__init__.py

tests/modeltests/model_forms/tests.py

tests/modeltests/proxy_model_inheritance/tests.py

tests/modeltests/test_client/models.py

tests/modeltests/validation/test_unique.py

tests/modeltests/validation/tests.py

tests/regressiontests/admin_changelist/tests.py

tests/regressiontests/admin_scripts/tests.py

tests/regressiontests/admin_views/models.py

tests/regressiontests/admin_views/tests.py

tests/regressiontests/aggregation_regress/models.py

tests/regressiontests/aggregation_regress/tests.py

tests/regressiontests/backends/tests.py

tests/regressiontests/cache/tests.py

tests/regressiontests/csrf_tests/tests.py

tests/regressiontests/file_storage/tests.py

tests/regressiontests/forms/fields.py

tests/regressiontests/forms/localflavor/au.py

tests/regressiontests/forms/models.py

tests/regressiontests/forms/tests.py

tests/regressiontests/httpwrappers/tests.py

tests/regressiontests/localflavor/models.py

tests/regressiontests/localflavor/tests.py

tests/regressiontests/m2m_through_regress/models.py

tests/regressiontests/model_forms_regress/models.py

tests/regressiontests/model_forms_regress/tests.py

tests/regressiontests/model_formsets_regress/tests.py

tests/regressiontests/multiple_database/tests.py

tests/regressiontests/serializers_regress/tests.py

tests/regressiontests/templates/filters.py

tests/regressiontests/templates/tests.py

tests/regressiontests/test_client_regress/models.py

tests/regressiontests/test_client_regress/urls.py

tests/regressiontests/test_client_regress/views.py

tests/regressiontests/urlpatterns_reverse/tests.py

tests/regressiontests/utils/timesince.py

tests/runtests.py

Show diffs side-by-side

added added

removed removed

django/contrib/flatpages/tests/csrf.py

1

import os

2

from django.conf import settings

3

from django.test import TestCase, Client

4

5

class FlatpageCSRFTests(TestCase):

6

fixtures = ['sample_flatpages']

7

urls = 'django.contrib.flatpages.tests.urls'

8

9

def setUp(self):

10

self.client = Client(enforce_csrf_checks=True)

11

self.old_MIDDLEWARE_CLASSES = settings.MIDDLEWARE_CLASSES

12

flatpage_middleware_class = 'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware'

13

csrf_middleware_class = 'django.middleware.csrf.CsrfViewMiddleware'

14

if csrf_middleware_class not in settings.MIDDLEWARE_CLASSES:

15

settings.MIDDLEWARE_CLASSES += (csrf_middleware_class,)

16

if flatpage_middleware_class not in settings.MIDDLEWARE_CLASSES:

17

settings.MIDDLEWARE_CLASSES += (flatpage_middleware_class,)

18

self.old_TEMPLATE_DIRS = settings.TEMPLATE_DIRS

19

settings.TEMPLATE_DIRS = (

20

os.path.join(

21

os.path.dirname(__file__),

22

'templates'

23

),

24

)

25

26

def tearDown(self):

27

settings.MIDDLEWARE_CLASSES = self.old_MIDDLEWARE_CLASSES

28

settings.TEMPLATE_DIRS = self.old_TEMPLATE_DIRS

29

30

def test_view_flatpage(self):

31

"A flatpage can be served through a view, even when the middleware is in use"

32

response = self.client.get('/flatpage_root/flatpage/')

33

self.assertEquals(response.status_code, 200)

34

self.assertContains(response, "<p>Isn't it flat!</p>")

35

36

def test_view_non_existent_flatpage(self):

37

"A non-existent flatpage raises 404 when served through a view, even when the middleware is in use"

38

response = self.client.get('/flatpage_root/no_such_flatpage/')

39

self.assertEquals(response.status_code, 404)

40

41

def test_view_authenticated_flatpage(self):

42

"A flatpage served through a view can require authentication"

43

response = self.client.get('/flatpage_root/sekrit/')

44

self.assertRedirects(response, '/accounts/login/?next=/flatpage_root/sekrit/')

45

46

def test_fallback_flatpage(self):

47

"A flatpage can be served by the fallback middlware"

48

response = self.client.get('/flatpage/')

49

self.assertEquals(response.status_code, 200)

50

self.assertContains(response, "<p>Isn't it flat!</p>")

51

52

def test_fallback_non_existent_flatpage(self):

53

"A non-existent flatpage raises a 404 when served by the fallback middlware"

54

response = self.client.get('/no_such_flatpage/')

55

self.assertEquals(response.status_code, 404)

56

57

def test_post_view_flatpage(self):

58

"POSTing to a flatpage served through a view will raise a CSRF error if no token is provided (Refs #14156)"

59

response = self.client.post('/flatpage_root/flatpage/')

60

self.assertEquals(response.status_code, 403)

61

62

def test_post_fallback_flatpage(self):

63

"POSTing to a flatpage served by the middleware will raise a CSRF error if no token is provided (Refs #14156)"

64

response = self.client.post('/flatpage/')

65

self.assertEquals(response.status_code, 403)

66

67

def test_post_unknown_page(self):

68

"POSTing to an unknown page isn't caught as a 403 CSRF error"

69

response = self.client.post('/no_such_page/')

70

self.assertEquals(response.status_code, 404)

Older »