mirror of
				https://github.com/django/django.git
				synced 2025-10-26 07:06:08 +00:00 
			
		
		
		
	Fixed #24455 -- Fixed crash in debug view with lazy objects
This commit is contained in:
		| @@ -186,7 +186,15 @@ class SafeExceptionReporterFilter(ExceptionReporterFilter): | ||||
|                 return request.POST | ||||
|  | ||||
|     def cleanse_special_types(self, request, value): | ||||
|         if isinstance(value, HttpRequest): | ||||
|         try: | ||||
|             # If value is lazy or a complex object of another kind, this check | ||||
|             # might raise an exception. isinstance checks that lazy HttpRequests | ||||
|             # or MultiValueDicts will have a return value. | ||||
|             is_request = isinstance(value, HttpRequest) | ||||
|         except Exception as e: | ||||
|             return '{!r} while evaluating {!r}'.format(e, value) | ||||
|  | ||||
|         if is_request: | ||||
|             # Cleanse the request's POST parameters. | ||||
|             value = self.get_request_repr(value) | ||||
|         elif isinstance(value, MultiValueDict): | ||||
|   | ||||
| @@ -18,6 +18,7 @@ from django.template.base import TemplateDoesNotExist | ||||
| from django.test import RequestFactory, TestCase, override_settings | ||||
| from django.utils import six | ||||
| from django.utils.encoding import force_bytes, force_text | ||||
| from django.utils.functional import SimpleLazyObject | ||||
| from django.views.debug import CallableSettingWrapper, ExceptionReporter | ||||
|  | ||||
| from .. import BrokenException, except_args | ||||
| @@ -380,6 +381,36 @@ class ExceptionReporterTests(TestCase): | ||||
|         html = reporter.get_traceback_html() | ||||
|         self.assertIn('<h1>ImportError at /test_view/</h1>', html) | ||||
|  | ||||
|     def test_ignore_traceback_evaluation_exceptions(self): | ||||
|         """ | ||||
|         Don't trip over exceptions generated by crafted objects when | ||||
|         evaluating them while cleansing (#24455). | ||||
|         """ | ||||
|         class BrokenEvaluation(Exception): | ||||
|             pass | ||||
|  | ||||
|         def broken_setup(): | ||||
|             raise BrokenEvaluation | ||||
|  | ||||
|         request = self.rf.get('/test_view/') | ||||
|         broken_lazy = SimpleLazyObject(broken_setup) | ||||
|         try: | ||||
|             bool(broken_lazy) | ||||
|         except BrokenEvaluation: | ||||
|             exc_type, exc_value, tb = sys.exc_info() | ||||
|  | ||||
|         reporter = ExceptionReporter(request, exc_type, exc_value, tb) | ||||
|         try: | ||||
|             html = reporter.get_traceback_html() | ||||
|         except BrokenEvaluation: | ||||
|             self.fail("Broken evaluation in traceback is not caught.") | ||||
|  | ||||
|         self.assertIn( | ||||
|             "BrokenEvaluation", | ||||
|             html, | ||||
|             "Evaluation exception reason not mentioned in traceback" | ||||
|         ) | ||||
|  | ||||
|  | ||||
| class PlainTextReportTests(TestCase): | ||||
|     rf = RequestFactory() | ||||
|   | ||||
		Reference in New Issue
	
	Block a user