Raised SuspiciousFileOperation in safe_join.

Added a test for the condition safe_join is designed to prevent. Previously, a generic ValueError was raised. It was impossible to tell an intentional exception raised to implement safe_join's contract from an unintentional exception caused by incorrect inputs or unexpected conditions. That resulted in bizarre exception catching patterns, which this patch removes. Since safe_join is a private API and since the change is unlikely to create security issues for users who use it anyway -- at worst, an uncaught SuspiciousFileOperation exception will bubble up -- it isn't documented.
2025-10-29 08:36:09 +00:00 · 2014-11-11 18:59:49 +01:00
parent 40ba6f21bb
commit b8ba73cd0c
5 changed files with 18 additions and 19 deletions
--- a/django/template/loaders/app_directories.py
+++ b/django/template/loaders/app_directories.py
@@ -8,6 +8,7 @@ import sys

 from django.apps import apps
 from django.conf import settings
+from django.core.exceptions import SuspiciousFileOperation
 from django.template.base import TemplateDoesNotExist
 from django.template.loader import BaseLoader
 from django.utils._os import safe_join
@@ -47,11 +48,9 @@ class Loader(BaseLoader):
        for template_dir in template_dirs:
            try:
                yield safe_join(template_dir, template_name)
-            except UnicodeDecodeError:
-                # The template dir name was a bytestring that wasn't valid UTF-8.
-                raise
-            except ValueError:
-                # The joined path was located outside of template_dir.
+            except SuspiciousFileOperation:
+                # The joined path was located outside of this template_dir
+                # (it might be inside another one, so this isn't fatal).
                pass

    def load_template_source(self, template_name, template_dirs=None):
--- a/django/template/loaders/filesystem.py
+++ b/django/template/loaders/filesystem.py
@@ -3,6 +3,7 @@ Wrapper for loading templates from the filesystem.
 """

 from django.conf import settings
+from django.core.exceptions import SuspiciousFileOperation
 from django.template.base import TemplateDoesNotExist
 from django.template.loader import BaseLoader
 from django.utils._os import safe_join
@@ -22,13 +23,9 @@ class Loader(BaseLoader):
        for template_dir in template_dirs:
            try:
                yield safe_join(template_dir, template_name)
-            except UnicodeDecodeError:
-                # The template dir name was a bytestring that wasn't valid UTF-8.
-                raise
-            except ValueError:
-                # The joined path was located outside of this particular
-                # template_dir (it might be inside another one, so this isn't
-                # fatal).
+            except SuspiciousFileOperation:
+                # The joined path was located outside of this template_dir
+                # (it might be inside another one, so this isn't fatal).
                pass

    def load_template_source(self, template_name, template_dirs=None):