Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.

SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
2025-10-24 06:06:09 +00:00 · 2013-05-15 16:14:28 -07:00
parent 36d47f72e3
commit d228c1192e
38 changed files with 363 additions and 77 deletions
--- a/tests/urlpatterns_reverse/tests.py
+++ b/tests/urlpatterns_reverse/tests.py
@@ -516,7 +516,7 @@ class RequestURLconfTests(TestCase):
            b''.join(self.client.get('/second_test/'))

 class ErrorHandlerResolutionTests(TestCase):
-    """Tests for handler404 and handler500"""
+    """Tests for handler400, handler404 and handler500"""

    def setUp(self):
        from django.core.urlresolvers import RegexURLResolver
@@ -528,12 +528,14 @@ class ErrorHandlerResolutionTests(TestCase):
    def test_named_handlers(self):
        from .views import empty_view
        handler = (empty_view, {})
+        self.assertEqual(self.resolver.resolve400(), handler)
        self.assertEqual(self.resolver.resolve404(), handler)
        self.assertEqual(self.resolver.resolve500(), handler)

    def test_callable_handers(self):
        from .views import empty_view
        handler = (empty_view, {})
+        self.assertEqual(self.callable_resolver.resolve400(), handler)
        self.assertEqual(self.callable_resolver.resolve404(), handler)
        self.assertEqual(self.callable_resolver.resolve500(), handler)