← Back to branch summary

~ubuntu-branches/ubuntu/saucy/python-django/saucy-updates

« back to all changes in this revision

Viewing changes to tests/regressiontests/urlpatterns_reverse/urls.py

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-04-22 23:12:52 UTC
  • Revision ID: package-import@ubuntu.com-20140422231252-8cu8s89mk8mik8ac
Tags: 1.5.4-1ubuntu1.2
https://launchpad.net/bugs/1311433
* SECURITY REGRESSION: security fix regression when a view is a partial
  (LP: #1311433)
  - debian/patches/CVE-2014-0472-regression.patch: create the lookup_str
    from the original function whenever a partial is provided as an
    argument to a url pattern in django/core/urlresolvers.py,
    added tests to tests/regressiontests/urlpatterns_reverse/urls.py,
    tests/regressiontests/urlpatterns_reverse/views.py.
  - CVE-2014-0472

Show diffs side-by-side

added added

removed removed

Lines of Context:
tests/regressiontests/urlpatterns_reverse/urls.py
2
2
 
3
3
from django.conf.urls import patterns, url, include
4
4
 
5
 
from .views import empty_view, absolute_kwargs_view
 
5
from .views import empty_view, empty_view_partial, empty_view_wrapped, absolute_kwargs_view
6
6
 
7
7
 
8
8
other_patterns = patterns('',
53
53
            include('regressiontests.urlpatterns_reverse.included_urls')),
54
54
    url('', include('regressiontests.urlpatterns_reverse.extra_urls')),
55
55
 
 
56
    # Partials should be fine.
 
57
    url(r'^partial/', empty_view_partial, name="partial"),
 
58
    url(r'^partial_wrapped/', empty_view_wrapped, name="partial_wrapped"),
 
59
 
56
60
    # This is non-reversible, but we shouldn't blow up when parsing it.
57
61
    url(r'^(?:foo|bar)(\w+)/$', empty_view, name="disjunction"),
58
62