Ticket #20411: 20411_fix_exception_invalid_referer.diff

File 20411_fix_exception_invalid_referer.diff, 1.6 KB (added by Steffen Zieger, 11 years ago)

Fix for ValueError exception if referer is invalid

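diff --git a/django/utils/http.py b/django/utils/http.py
index 15fac6b..9897df4 100644
--- a/django/utils/http.py
+++ b/django/utils/http.py
@@ -226,7 +226,10 @@ def same_origin(url1, url2):
     Checks if two URLs are 'same-origin'
     """
     p1, p2 = urllib_parse.urlparse(url1), urllib_parse.urlparse(url2)
-    return (p1.scheme, p1.hostname, p1.port) == (p2.scheme, p2.hostname, p2.port)
+    try:
+        return (p1.scheme, p1.hostname, p1.port) == (p2.scheme, p2.hostname, p2.port)
+    except ValueError:
+        return False
 
 def is_safe_url(url, host=None):
     """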
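Review bot: The `urllib_parse.urlparse(url1)` and `urllib_parse.urlparse(url2)` calls on the line just above the new `try` remain outside it, so a ValueError raised while parsing (the standard parser raises one for an unbalanced IPv6 bracket in the netloc) would still escape same_origin. Judging by the accompanying test, this function backs the CSRF referer check, where such an error would surface as a server error rather than a rejected request. Moving the assignment `p1, p2 = urllib_parse.urlparse(url1), urllib_parse.urlparse(url2)` to the first line inside the `try:` keeps the function failing closed for every malformed input. A short comment above the handler, such as `# A URL that cannot be parsed is never same-origin.`, would record why False is the right answer. The start of same_origin lies outside this hunk.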
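diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py
index 5300b21..b9e8cb5 100644
--- a/tests/csrf_tests/tests.py
+++ b/tests/csrf_tests/tests.py
@@ -284,6 +284,19 @@ class CsrfViewMiddlewareTest(TestCase):
         self.assertEqual(403, req2.status_code)
 
     @override_settings(ALLOWED_HOSTS=['www.example.com'])
+    def test_https_malformed_referer(self):
+        """
+        Test that a POST HTTPS request with a bad referer is rejected
+        """
+        req = self._get_POST_request_with_token()
+        req._is_secure_override = True
+        req.META['HTTP_HOST'] = 'www.example.com'
+        req.META['HTTP_REFERER'] = 'http://http://www.example.com/'
+        req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
+        self.assertNotEqual(None, req2)
+        self.assertEqual(403, req2.status_code)
+
+    @override_settings(ALLOWED_HOSTS=['www.example.com'])
     def test_https_good_referer(self):
         """
         Test that a POST HTTPS request with a good referer is accepted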
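Review bot: test_https_malformed_referer covers only one malformed shape, the doubled scheme in `'http://http://www.example.com/'`, and whether that value raises at all appears to depend on how the URL parser treats the empty port after `http:`. A second referer with an explicitly non-numeric port (constructed example: `'https://www.example.com:bad/'`) would pin the ValueError path more directly. A direct unit test of same_origin would also cover a malformed value in either argument position. As a style point, `self.assertNotEqual(None, req2)` reads more clearly as `self.assertIsNotNone(req2)`.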