From 14b0132e5e70854076ea781451f5ff37f8dc8edd Mon Sep 17 00:00:00 2001 From: yushanfans2233 Date: Sat, 11 Nov 2023 15:24:24 +0800 Subject: [PATCH] Fixed #34830 -- Added request to bad_request/csrf_failure view template contexts. --- django/views/csrf.py | 5 +++-- django/views/defaults.py | 3 ++- tests/view_tests/tests/test_csrf.py | 1 + tests/view_tests/tests/test_defaults.py | 23 +++++++++++++++++++++++ 4 files changed, 29 insertions(+), 3 deletions(-) diff --git a/django/views/csrf.py b/django/views/csrf.py index 3c572a621a..adc629e843 100644 --- a/django/views/csrf.py +++ b/django/views/csrf.py @@ -67,13 +67,14 @@ def csrf_failure(request, reason="", template_name=CSRF_FAILURE_TEMPLATE_NAME): } try: t = loader.get_template(template_name) + body = t.render(request=request) except TemplateDoesNotExist: if template_name == CSRF_FAILURE_TEMPLATE_NAME: # If the default template doesn't exist, use the fallback template. with builtin_template_path("csrf_403.html").open(encoding="utf-8") as fh: t = Engine().from_string(fh.read()) - c = Context(c) + body = t.render(Context(c)) else: # Raise if a developer-specified template doesn't exist. raise - return HttpResponseForbidden(t.render(c)) + return HttpResponseForbidden(body) diff --git a/django/views/defaults.py b/django/views/defaults.py index ccad802a54..8f56a8fb89 100644 --- a/django/views/defaults.py +++ b/django/views/defaults.py @@ -109,6 +109,7 @@ def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME): """ try: template = loader.get_template(template_name) + body = template.render(request=request) except TemplateDoesNotExist: if template_name != ERROR_400_TEMPLATE_NAME: # Reraise if it's a missing custom template. @@ -118,7 +119,7 @@ def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME): ) # No exception content is passed to the template, to not disclose any # sensitive information. - return HttpResponseBadRequest(template.render()) + return HttpResponseBadRequest(body) @requires_csrf_token diff --git a/tests/view_tests/tests/test_csrf.py b/tests/view_tests/tests/test_csrf.py index ef4a50dd45..af16ffd740 100644 --- a/tests/view_tests/tests/test_csrf.py +++ b/tests/view_tests/tests/test_csrf.py @@ -112,6 +112,7 @@ class CsrfViewTests(SimpleTestCase): """A custom CSRF_FAILURE_TEMPLATE_NAME is used.""" response = self.client.post("/") self.assertContains(response, "Test template for CSRF failure", status_code=403) + self.assertIs(response.wsgi_request, response.context.request) def test_custom_template_does_not_exist(self): """An exception is raised if a nonexistent template is supplied.""" diff --git a/tests/view_tests/tests/test_defaults.py b/tests/view_tests/tests/test_defaults.py index f99066e5bb..415a9a8c67 100644 --- a/tests/view_tests/tests/test_defaults.py +++ b/tests/view_tests/tests/test_defaults.py @@ -102,6 +102,29 @@ class DefaultsTests(TestCase): response = bad_request(request, Exception()) self.assertContains(response, b"

Bad Request (400)

", status_code=400) + @override_settings( + TEMPLATES=[ + { + "BACKEND": "django.template.backends.django.DjangoTemplates", + "OPTIONS": { + "loaders": [ + ( + "django.template.loaders.locmem.Loader", + { + "400.html": ( + "This is a test template for a 400 error " + ), + }, + ), + ], + }, + } + ] + ) + def test_custom_bad_request_template(self): + response = self.client.get("/raises400/") + self.assertIs(response.wsgi_request, response.context[-1].request) + @override_settings( TEMPLATES=[ {