Ticket #15025: 15025-technical-500-response-r15153.diff

django/views/debug.py

@@ -8 +8 @@
 from django.http import HttpResponse, HttpResponseServerError, HttpResponseNotFound
 from django.template import (Template, Context, TemplateDoesNotExist,
     TemplateSyntaxError)
+from django.template.defaultfilters import force_escape, pprint
 from django.utils.html import escape
 from django.utils.importlib import import_module
 from django.utils.encoding import smart_unicode, smart_str
 
-
 HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD|PROFANITIES_LIST|SIGNATURE')
 
 def linebreak_iter(template_source):
@@ -109 +109 @@
             self.get_template_exception_info()
 
         frames = self.get_traceback_frames()
+        for i, frame in enumerate(frames):
+            frame['vars'] = [(k, force_escape(pprint(v))) for k, v in frame['vars']]
+            frames[i] = frame
 
         unicode_hint = ''
         if issubclass(self.exc_type, UnicodeError):
@@ -547 +550 @@
                 {% for var in frame.vars|dictsort:"0" %}
                   <tr>
                     <td>{{ var.0|force_escape }}</td>
-                    <td class="code"><pre>{{ var.1|pprint|force_escape }}</pre></td>
+                    <td class="code"><pre>{{ var.1 }}</pre></td>
                   </tr>
                 {% endfor %}
               </tbody>

tests/regressiontests/views/views.py

@@ -36 +36 @@
         form_class=SlugChangingArticleForm)
 
 def raises(request):
+    # Make sure that a callable that raises an exception in the stack frame's
+    # local vars won't hijack the technical 500 response. See:
+    # http://code.djangoproject.com/ticket/15025
+    def callable():
+        raise Exception
     try:
         raise Exception
     except Exception: