From ad2d57a2ccb6316001205739090a2a1d79453207 Mon Sep 17 00:00:00 2001
From: Claude Paroz
Date: Mon, 29 Oct 2012 17:26:10 +0100
Subject: [PATCH] [1.4.x] Fixed #19172 -- Isolated poisoned_http_host tests from 500 handlers
Thanks bernardofontes for the report. Backport of b774c5993 from master.
---
 django/contrib/auth/tests/views.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/django/contrib/auth/tests/views.py b/django/contrib/auth/tests/views.py
index 1525f888fe..d295bb8c10 100644
--- a/django/contrib/auth/tests/views.py
+++ b/django/contrib/auth/tests/views.py
@@ -118,6 +118,8 @@ class PasswordResetTest(AuthViewsTestCase):
 self.assertTrue("http://adminsite.com" in mail.outbox[0].body)
 self.assertEqual(settings.DEFAULT_FROM_EMAIL, mail.outbox[0].from_email)
+ # Skip any 500 handler action (like sending more mail...)
+ @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
 def test_poisoned_http_host(self):
 "Poisoned HTTP_HOST headers can't be used for reset emails"
 # This attack is based on the way browsers handle URLs. The colon
@@ -134,6 +136,8 @@ class PasswordResetTest(AuthViewsTestCase):
 )
 self.assertEqual(len(mail.outbox), 0)
+ # Skip any 500 handler action (like sending more mail...)
+ @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
 def test_poisoned_http_host_admin_site(self):
 "Poisoned HTTP_HOST headers can't be used for reset emails on admin views"
 with self.assertRaises(SuspiciousOperation):
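Review bot: The comment added above `test_poisoned_http_host` (and repeated above `test_poisoned_http_host_admin_site` in the second hunk) says what is skipped but not why these security tests need it. Judging from the visible context, the tests expect the poisoned Host header to abort the request with `SuspiciousOperation` and then check `len(mail.outbox) == 0`; presumably a project 500 handler that mails the error would add a message and fail that check for a reason unrelated to the reset email. I would state that dependency, e.g. `# Propagate the exception instead of running the 500 handler: a handler that sends mail would break the empty-outbox assertion.` Both test bodies continue outside the hunks, so the remaining assertions are not visible here.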