mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.

Browse Source 
Thanks Seokchan Yoon for the report.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Shai Berger <shai@platonix.com>
This commit is contained in:
Adam Johnson
2024-01-22 13:21:13 +00:00
committed by Natalia
parent 9cefdfc43f
commit 55519d6cf8
5 changed files with 87 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
tests/humanize_tests/tests.py
View File

@@ -116,39 +116,71 @@ class HumanizeTests(SimpleTestCase):
def test_intcomma(self):
test_list = (
100,
-100,
1000,
-1000,
10123,
-10123,
10311,
-10311,
1000000,
-1000000,
1234567.25,
-1234567.25,
"100",
"-100",
"1000",
"-1000",
"10123",
"-10123",
"10311",
"-10311",
"1000000",
"-1000000",
"1234567.1234567",
"-1234567.1234567",
Decimal("1234567.1234567"),
Decimal("-1234567.1234567"),
None,
"",
"-",
".",
"-.",
"the quick brown fox jumped over the lazy dog",
)
result_list = (
"100",
"-100",
"1,000",
"-1,000",
"10,123",
"-10,123",
"10,311",
"-10,311",
"1,000,000",
"-1,000,000",
"1,234,567.25",
"-1,234,567.25",
"100",
"-100",
"1,000",
"-1,000",
"10,123",
"-10,123",
"10,311",
"-10,311",
"1,000,000",
"-1,000,000",
"1,234,567.1234567",
"-1,234,567.1234567",
"1,234,567.1234567",
"-1,234,567.1234567",
None,
"1,234,567",
"-1,234,567",
",,.",
"-,,.",
"the quick brown fox jumped over the lazy dog",
)
with translation.override("en"):
self.humanize_tester(test_list, result_list, "intcomma")
@@ -156,39 +188,71 @@ class HumanizeTests(SimpleTestCase):
def test_l10n_intcomma(self):
test_list = (
100,
-100,
1000,
-1000,
10123,
-10123,
10311,
-10311,
1000000,
-1000000,
1234567.25,
-1234567.25,
"100",
"-100",
"1000",
"-1000",
"10123",
"-10123",
"10311",
"-10311",
"1000000",
"-1000000",
"1234567.1234567",
"-1234567.1234567",
Decimal("1234567.1234567"),
-Decimal("1234567.1234567"),
None,
"",
"-",
".",
"-.",
"the quick brown fox jumped over the lazy dog",
)
result_list = (
"100",
"-100",
"1,000",
"-1,000",
"10,123",
"-10,123",
"10,311",
"-10,311",
"1,000,000",
"-1,000,000",
"1,234,567.25",
"-1,234,567.25",
"100",
"-100",
"1,000",
"-1,000",
"10,123",
"-10,123",
"10,311",
"-10,311",
"1,000,000",
"-1,000,000",
"1,234,567.1234567",
"-1,234,567.1234567",
"1,234,567.1234567",
"-1,234,567.1234567",
None,
"1,234,567",
"-1,234,567",
",,.",
"-,,.",
"the quick brown fox jumped over the lazy dog",
)
with self.settings(USE_THOUSAND_SEPARATOR=False):
with translation.override("en"):