From b5acb9db751c3e179cdd55398432dfad2c259628 Mon Sep 17 00:00:00 2001 From: Nick Pope Date: Wed, 19 Aug 2020 14:05:05 +0100 Subject: [PATCH] Fixed #31907 -- Fixed missing validate_key() calls in cache backends. --- django/core/cache/backends/locmem.py | 1 + django/core/cache/backends/memcached.py | 9 ++++++++- tests/cache/tests.py | 5 +++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/django/core/cache/backends/locmem.py b/django/core/cache/backends/locmem.py index 2573d14497..72cbc9cefd 100644 --- a/django/core/cache/backends/locmem.py +++ b/django/core/cache/backends/locmem.py @@ -59,6 +59,7 @@ class LocMemCache(BaseCache): def touch(self, key, timeout=DEFAULT_TIMEOUT, version=None): key = self.make_key(key, version=version) + self.validate_key(key) with self._lock: if self._has_expired(key): return False diff --git a/django/core/cache/backends/memcached.py b/django/core/cache/backends/memcached.py index 245366c799..d331642f09 100644 --- a/django/core/cache/backends/memcached.py +++ b/django/core/cache/backends/memcached.py @@ -81,6 +81,7 @@ class BaseMemcachedCache(BaseCache): def touch(self, key, timeout=DEFAULT_TIMEOUT, version=None): key = self.make_key(key, version=version) + self.validate_key(key) return bool(self._cache.touch(key, self.get_backend_timeout(timeout))) def delete(self, key, version=None): @@ -145,7 +146,10 @@ class BaseMemcachedCache(BaseCache): return [original_keys[k] for k in failed_keys] def delete_many(self, keys, version=None): - self._cache.delete_multi(self.make_key(key, version=version) for key in keys) + keys = [self.make_key(key, version=version) for key in keys] + for key in keys: + self.validate_key(key) + self._cache.delete_multi(keys) def clear(self): self._cache.flush_all() @@ -173,6 +177,7 @@ class MemcachedCache(BaseMemcachedCache): def get(self, key, default=None, version=None): key = self.make_key(key, version=version) + self.validate_key(key) val = self._cache.get(key) # python-memcached doesn't support default values in get(). # https://github.com/linsomniac/python-memcached/issues/159 @@ -186,6 +191,7 @@ class MemcachedCache(BaseMemcachedCache): # https://github.com/linsomniac/python-memcached/issues/170 # Call _deletetouch() without the NOT_FOUND in expected results. key = self.make_key(key, version=version) + self.validate_key(key) return bool(self._cache._deletetouch([b'DELETED'], 'delete', key)) @@ -201,6 +207,7 @@ class PyLibMCCache(BaseMemcachedCache): def touch(self, key, timeout=DEFAULT_TIMEOUT, version=None): key = self.make_key(key, version=version) + self.validate_key(key) if timeout == 0: return self._cache.delete(key) return self._cache.touch(key, self.get_backend_timeout(timeout)) diff --git a/tests/cache/tests.py b/tests/cache/tests.py index 260717c0b6..865f0cefc8 100644 --- a/tests/cache/tests.py +++ b/tests/cache/tests.py @@ -656,6 +656,7 @@ class BaseCacheTests: ('set', [key, 1]), ('incr', [key]), ('decr', [key]), + ('touch', [key]), ('delete', [key]), ('get_many', [[key, 'b']]), ('set_many', [{key: 1, 'b': 2}]), @@ -1306,11 +1307,15 @@ class BaseMemcachedTests(BaseCacheTests): msg = expected_warning.replace(key, cache.make_key(key)) tests = [ ('add', [key, 1]), + ('get', [key]), ('set', [key, 1]), ('incr', [key]), ('decr', [key]), + ('touch', [key]), + ('delete', [key]), ('get_many', [[key, 'b']]), ('set_many', [{key: 1, 'b': 2}]), + ('delete_many', [{key: 1, 'b': 2}]), ] for operation, args in tests: with self.subTest(operation=operation):