From dbbcfca476e29354c3a5c6221112b55741babc14 Mon Sep 17 00:00:00 2001 From: Anubhav Joshi Date: Tue, 24 Jun 2014 09:43:34 +0530 Subject: [PATCH] Fixed #21668 -- Return detailed error page when SuspiciousOperation is raised and DEBUG=True Thanks GDorn and gox21 for report. Thanks Tim Graham for idea and review. --- django/core/handlers/base.py | 2 ++ django/views/debug.py | 14 +++++++------- docs/releases/1.8.txt | 4 ++++ tests/view_tests/tests/test_debug.py | 5 +++++ 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/django/core/handlers/base.py b/django/core/handlers/base.py index 2d1d61ce18..162fdc3fed 100644 --- a/django/core/handlers/base.py +++ b/django/core/handlers/base.py @@ -183,6 +183,8 @@ class BaseHandler(object): 'status_code': 400, 'request': request }) + if settings.DEBUG: + return debug.technical_500_response(request, *sys.exc_info(), status_code=400) response = self.get_exception_response(request, resolver, 400) diff --git a/django/views/debug.py b/django/views/debug.py index eb610b7462..2997f2da7c 100644 --- a/django/views/debug.py +++ b/django/views/debug.py @@ -7,8 +7,8 @@ import sys import types from django.conf import settings -from django.http import (HttpResponse, HttpResponseServerError, - HttpResponseNotFound, HttpRequest, build_request_repr) +from django.http import (HttpResponse, HttpResponseNotFound, HttpRequest, + build_request_repr) from django.template import Template, Context, TemplateDoesNotExist from django.template.defaultfilters import force_escape, pprint from django.utils.datastructures import MultiValueDict @@ -65,7 +65,7 @@ def get_safe_settings(): return settings_dict -def technical_500_response(request, exc_type, exc_value, tb): +def technical_500_response(request, exc_type, exc_value, tb, status_code=500): """ Create a technical server error response. The last three arguments are the values returned from sys.exc_info() and friends. @@ -73,10 +73,10 @@ def technical_500_response(request, exc_type, exc_value, tb): reporter = ExceptionReporter(request, exc_type, exc_value, tb) if request.is_ajax(): text = reporter.get_traceback_text() - return HttpResponseServerError(text, content_type='text/plain') + return HttpResponse(text, status=status_code, content_type='text/plain') else: html = reporter.get_traceback_html() - return HttpResponseServerError(html, content_type='text/html') + return HttpResponse(html, status=status_code, content_type='text/html') # Cache for the default exception reporter filter instance. default_exception_reporter_filter = None @@ -987,7 +987,7 @@ Exception Value: {{ exception_value|force_escape }}

You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will - display a standard 500 page. + display a standard page generated by the handler for this status code.

{% endif %} @@ -1053,7 +1053,7 @@ Using settings module {{ settings.SETTINGS_MODULE }}{% for k, v in settings.item You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will -display a standard 500 page. +display a standard page generated by the handler for this status code. """ TECHNICAL_404_TEMPLATE = """ diff --git a/docs/releases/1.8.txt b/docs/releases/1.8.txt index ce9d35795c..3fd8b64e93 100644 --- a/docs/releases/1.8.txt +++ b/docs/releases/1.8.txt @@ -211,6 +211,10 @@ Requests and Responses ` method now handles paths starting with ``//`` correctly. +* If :setting:`DEBUG` is ``True`` and a request raises a + :exc:`~django.core.exceptions.SuspiciousOperation`, the response will be + rendered with a detailed error page. + Tests ^^^^^ diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py index 55a8ded31b..32a8304dca 100644 --- a/tests/view_tests/tests/test_debug.py +++ b/tests/view_tests/tests/test_debug.py @@ -44,6 +44,11 @@ class DebugViewTests(TestCase): self.assertContains(response, 'file_data.txt', status_code=500) self.assertNotContains(response, 'haha', status_code=500) + def test_400(self): + # Ensure that when DEBUG=True, technical_500_template() is called. + response = self.client.get('/raises400/') + self.assertContains(response, '