← Back to branch summary

~ubuntu-branches/ubuntu/saucy/python-django/saucy-updates

~ubuntu-branches/ubuntu/saucy/python-django/saucy-updates

« back to all changes in this revision

Viewing changes to .pc/CVE-2014-0472-regression.patch/tests/regressiontests/urlpatterns_reverse/views.py

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2014-04-22 23:12:52 UTC
Revision ID: package-import@ubuntu.com-20140422231252-8cu8s89mk8mik8ac

Tags: 1.5.4-1ubuntu1.2

https://launchpad.net/bugs/1311433

* SECURITY REGRESSION: security fix regression when a view is a partial
  (LP: #1311433)
  - debian/patches/CVE-2014-0472-regression.patch: create the lookup_str
    from the original function whenever a partial is provided as an
    argument to a url pattern in django/core/urlresolvers.py,
    added tests to tests/regressiontests/urlpatterns_reverse/urls.py,
    tests/regressiontests/urlpatterns_reverse/views.py.
  - CVE-2014-0472

files added:
.pc/CVE-2014-0472-regression.patch

.pc/CVE-2014-0472-regression.patch/django

.pc/CVE-2014-0472-regression.patch/django/core

.pc/CVE-2014-0472-regression.patch/django/core/urlresolvers.py

.pc/CVE-2014-0472-regression.patch/tests

.pc/CVE-2014-0472-regression.patch/tests/regressiontests

.pc/CVE-2014-0472-regression.patch/tests/regressiontests/urlpatterns_reverse

.pc/CVE-2014-0472-regression.patch/tests/regressiontests/urlpatterns_reverse/urls.py

.pc/CVE-2014-0472-regression.patch/tests/regressiontests/urlpatterns_reverse/views.py

debian/patches/CVE-2014-0472-regression.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

django/core/urlresolvers.py

tests/regressiontests/urlpatterns_reverse/urls.py

tests/regressiontests/urlpatterns_reverse/views.py

Show diffs side-by-side

added added

removed removed

.pc/CVE-2014-0472-regression.patch/tests/regressiontests/urlpatterns_reverse/views.py

1

from django.http import HttpResponse

2

from django.views.generic import RedirectView

3

from django.core.urlresolvers import reverse_lazy

4

5

from django.contrib.auth.decorators import user_passes_test

6

7

def empty_view(request, *args, **kwargs):

8

return HttpResponse('')

9

10

def kwargs_view(request, arg1=1, arg2=2):

11

return HttpResponse('')

12

13

def absolute_kwargs_view(request, arg1=1, arg2=2):

14

return HttpResponse('')

15

16

def defaults_view(request, arg1, arg2):

17

pass

18

19

def nested_view(request):

20

pass

21

22

23

def erroneous_view(request):

24

import non_existent

25

26

def pass_resolver_match_view(request, *args, **kwargs):

27

response = HttpResponse('')

28

response.resolver_match = request.resolver_match

29

return response

30

31

uncallable = "Can I be a view? Pleeeease?"

32

33

class ViewClass(object):

34

def __call__(self, request, *args, **kwargs):

35

return HttpResponse('')

36

37

view_class_instance = ViewClass()

38

39

class LazyRedirectView(RedirectView):

40

url = reverse_lazy('named-lazy-url-redirected-to')

41

42

@user_passes_test(lambda u: u.is_authenticated(), login_url=reverse_lazy('some-login-page'))

43

def login_required_view(request):

44

return HttpResponse('Hello you')

45

46

def bad_view(request, *args, **kwargs):

47

raise ValueError("I don't think I'm getting good value for this view")

Older »