Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.

SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
Preston Holmes 2013-05-15 16:14:28 -07:00
parent 36d47f72e3
commit d228c1192e
38 changed files with 363 additions and 77 deletions

@ -14,7 +14,7 @@ except ImportError:
from django.conf import settings
from django.core import signing
from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured
from django.core.exceptions import DisallowedHost, ImproperlyConfigured
from django.core.files import uploadhandler
from django.http.multipartparser import MultiPartParser
from django.utils import six
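Review bot: the import line now drops SuspiciousOperation entirely in favour of DisallowedHost; if any other code in this file still raises or catches SuspiciousOperation (the hunk shows only these seven lines, so that is not visible here), it will fail with a NameError, so either confirm no remaining references or keep both names imported: `from django.core.exceptions import DisallowedHost, SuspiciousOperation, ImproperlyConfigured`. Since DisallowedHost is a subclass of SuspiciousOperation, existing `except SuspiciousOperation` handlers in callers continue to catch it, which is what the 400 handling in BaseHandler relies on.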
@ -72,7 +72,7 @@ class HttpRequest(object):
msg = "Invalid HTTP_HOST header: %r." % host
if domain:
msg += "You may need to add %r to ALLOWED_HOSTS." % domain
raise SuspiciousOperation(msg)
raise DisallowedHost(msg)
def get_full_path(self):
# RFC 3986 requires query string arguments to be in the ASCII range.