1
0
mirror of https://github.com/django/django.git synced 2025-01-03 06:55:47 +00:00

Fixed #31907 -- Fixed missing validate_key() calls in cache backends.

This commit is contained in:
Nick Pope 2020-08-19 14:05:05 +01:00 committed by Mariusz Felisiak
parent 9e04b242ee
commit b5acb9db75
3 changed files with 14 additions and 1 deletions

View File

@ -59,6 +59,7 @@ class LocMemCache(BaseCache):
def touch(self, key, timeout=DEFAULT_TIMEOUT, version=None): def touch(self, key, timeout=DEFAULT_TIMEOUT, version=None):
key = self.make_key(key, version=version) key = self.make_key(key, version=version)
self.validate_key(key)
with self._lock: with self._lock:
if self._has_expired(key): if self._has_expired(key):
return False return False

View File

@ -81,6 +81,7 @@ class BaseMemcachedCache(BaseCache):
def touch(self, key, timeout=DEFAULT_TIMEOUT, version=None): def touch(self, key, timeout=DEFAULT_TIMEOUT, version=None):
key = self.make_key(key, version=version) key = self.make_key(key, version=version)
self.validate_key(key)
return bool(self._cache.touch(key, self.get_backend_timeout(timeout))) return bool(self._cache.touch(key, self.get_backend_timeout(timeout)))
def delete(self, key, version=None): def delete(self, key, version=None):
@ -145,7 +146,10 @@ class BaseMemcachedCache(BaseCache):
return [original_keys[k] for k in failed_keys] return [original_keys[k] for k in failed_keys]
def delete_many(self, keys, version=None): def delete_many(self, keys, version=None):
self._cache.delete_multi(self.make_key(key, version=version) for key in keys) keys = [self.make_key(key, version=version) for key in keys]
for key in keys:
self.validate_key(key)
self._cache.delete_multi(keys)
def clear(self): def clear(self):
self._cache.flush_all() self._cache.flush_all()
@ -173,6 +177,7 @@ class MemcachedCache(BaseMemcachedCache):
def get(self, key, default=None, version=None): def get(self, key, default=None, version=None):
key = self.make_key(key, version=version) key = self.make_key(key, version=version)
self.validate_key(key)
val = self._cache.get(key) val = self._cache.get(key)
# python-memcached doesn't support default values in get(). # python-memcached doesn't support default values in get().
# https://github.com/linsomniac/python-memcached/issues/159 # https://github.com/linsomniac/python-memcached/issues/159
@ -186,6 +191,7 @@ class MemcachedCache(BaseMemcachedCache):
# https://github.com/linsomniac/python-memcached/issues/170 # https://github.com/linsomniac/python-memcached/issues/170
# Call _deletetouch() without the NOT_FOUND in expected results. # Call _deletetouch() without the NOT_FOUND in expected results.
key = self.make_key(key, version=version) key = self.make_key(key, version=version)
self.validate_key(key)
return bool(self._cache._deletetouch([b'DELETED'], 'delete', key)) return bool(self._cache._deletetouch([b'DELETED'], 'delete', key))
@ -201,6 +207,7 @@ class PyLibMCCache(BaseMemcachedCache):
def touch(self, key, timeout=DEFAULT_TIMEOUT, version=None): def touch(self, key, timeout=DEFAULT_TIMEOUT, version=None):
key = self.make_key(key, version=version) key = self.make_key(key, version=version)
self.validate_key(key)
if timeout == 0: if timeout == 0:
return self._cache.delete(key) return self._cache.delete(key)
return self._cache.touch(key, self.get_backend_timeout(timeout)) return self._cache.touch(key, self.get_backend_timeout(timeout))

View File

@ -656,6 +656,7 @@ class BaseCacheTests:
('set', [key, 1]), ('set', [key, 1]),
('incr', [key]), ('incr', [key]),
('decr', [key]), ('decr', [key]),
('touch', [key]),
('delete', [key]), ('delete', [key]),
('get_many', [[key, 'b']]), ('get_many', [[key, 'b']]),
('set_many', [{key: 1, 'b': 2}]), ('set_many', [{key: 1, 'b': 2}]),
@ -1306,11 +1307,15 @@ class BaseMemcachedTests(BaseCacheTests):
msg = expected_warning.replace(key, cache.make_key(key)) msg = expected_warning.replace(key, cache.make_key(key))
tests = [ tests = [
('add', [key, 1]), ('add', [key, 1]),
('get', [key]),
('set', [key, 1]), ('set', [key, 1]),
('incr', [key]), ('incr', [key]),
('decr', [key]), ('decr', [key]),
('touch', [key]),
('delete', [key]),
('get_many', [[key, 'b']]), ('get_many', [[key, 'b']]),
('set_many', [{key: 1, 'b': 2}]), ('set_many', [{key: 1, 'b': 2}]),
('delete_many', [{key: 1, 'b': 2}]),
] ]
for operation, args in tests: for operation, args in tests:
with self.subTest(operation=operation): with self.subTest(operation=operation):