Ticket #7919: hashcompat.diff
File hashcompat.diff, 18.7 KB (added by , 16 years ago) |
---|
-
django/db/backends/util.py
1 1 import datetime 2 import md53 2 from time import time 3 from django.utils.hashcompat import md5_constructor 4 4 5 5 try: 6 6 import decimal … … 114 114 if length is None or len(name) <= length: 115 115 return name 116 116 117 hash = md5 .md5(name).hexdigest()[:4]117 hash = md5_constructor(name).hexdigest()[:4] 118 118 119 119 return '%s%s' % (name[:length-4], hash) 120 120 -
django/db/backends/mysql/base.py
3 3 4 4 Requires MySQLdb: http://sourceforge.net/projects/mysql-python 5 5 """ 6 6 import types 7 7 from django.db.backends import BaseDatabaseWrapper, BaseDatabaseFeatures, BaseDatabaseOperations, util 8 8 try: 9 9 import MySQLdb as Database … … 39 39 # TIME columns as timedelta -- they are more like timedelta in terms of actual 40 40 # behavior as they are signed and include days -- and Django expects time, so 41 41 # we still need to override that. 42 43 def mysql_typecast_boolean(s): 44 if s is None: return None 45 return int(s) == 1 46 42 47 django_conversions = conversions.copy() 43 48 django_conversions.update({ 49 types.BooleanType: util.rev_typecast_boolean, 50 FIELD_TYPE.TINY: mysql_typecast_boolean, 44 51 FIELD_TYPE.TIME: util.typecast_time, 45 52 FIELD_TYPE.DECIMAL: util.typecast_decimal, 46 53 FIELD_TYPE.NEWDECIMAL: util.typecast_decimal, -
django/core/cache/backends/filebased.py
1 1 "File-based cache backend" 2 2 3 import md54 3 import os, time 5 4 try: 6 5 import cPickle as pickle 7 6 except ImportError: 8 7 import pickle 9 8 from django.core.cache.backends.base import BaseCache 9 from django.utils.hashcompat import md5_constructor 10 10 11 11 class CacheClass(BaseCache): 12 12 def __init__(self, dir, params): … … 137 137 Thus, a cache key of "foo" gets turnned into a file named 138 138 ``{cache-dir}ac/bd/18db4cc2f85cedef654fccc4a4d8``. 139 139 """ 140 path = md5 .new(key.encode('utf-8')).hexdigest()140 path = md5_constructor(key.encode('utf-8')).hexdigest() 141 141 path = os.path.join(path[:2], path[2:4], path[4:]) 142 142 return os.path.join(self._dir, path) 143 143 -
django/contrib/formtools/wizard.py
10 10 from django.shortcuts import render_to_response 11 11 from django.template.context import RequestContext 12 12 import cPickle as pickle 13 import md5 13 from django.utils.hashcompat import md5_constructor 14 14 15 15 class FormWizard(object): 16 16 # Dictionary of extra template context variables. … … 150 150 # Use HIGHEST_PROTOCOL because it's the most efficient. It requires 151 151 # Python 2.3, but Django requires 2.3 anyway, so that's OK. 152 152 pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL) 153 return md5 .new(pickled).hexdigest()153 return md5_constructor(pickled).hexdigest() 154 154 155 155 def determine_step(self, request, *args, **kwargs): 156 156 """ -
django/contrib/formtools/preview.py
7 7 from django.shortcuts import render_to_response 8 8 from django.template.context import RequestContext 9 9 import cPickle as pickle 10 import md5 10 from django.utils.hashcompat import md5_constructor 11 11 12 12 AUTO_ID = 'formtools_%s' # Each form here uses this as its auto_id parameter. 13 13 … … 109 109 # Use HIGHEST_PROTOCOL because it's the most efficient. It requires 110 110 # Python 2.3, but Django requires 2.3 anyway, so that's OK. 111 111 pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL) 112 return md5 .new(pickled).hexdigest()112 return md5_constructor(pickled).hexdigest() 113 113 114 114 def failed_hash(self, request): 115 115 "Returns an HttpResponse in the case of an invalid security hash." -
django/contrib/comments/models.py
29 29 'pa,ra') and target (something like 'lcom.eventtimes:5157'). Used to 30 30 validate that submitted form options have not been tampered-with. 31 31 """ 32 import md533 return md5 .new(options + photo_options + rating_options + target + settings.SECRET_KEY).hexdigest()32 from django.utils.hashcompat import md5_constructor 33 return md5_constructor(options + photo_options + rating_options + target + settings.SECRET_KEY).hexdigest() 34 34 35 35 def get_rating_options(self, rating_string): 36 36 """ -
django/contrib/admin/views/decorators.py
1 1 import base64 2 import md53 2 import cPickle as pickle 4 3 try: 5 4 from functools import wraps … … 12 11 from django.contrib.auth import authenticate, login 13 12 from django.shortcuts import render_to_response 14 13 from django.utils.translation import ugettext_lazy, ugettext as _ 14 from django.utils.hashcompat import md5_constructor 15 15 16 16 ERROR_MESSAGE = ugettext_lazy("Please enter a correct username and password. Note that both fields are case-sensitive.") 17 17 LOGIN_FORM_KEY = 'this_is_the_login_form' … … 35 35 36 36 def _encode_post_data(post_data): 37 37 pickled = pickle.dumps(post_data) 38 pickled_md5 = md5 .new(pickled + settings.SECRET_KEY).hexdigest()38 pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest() 39 39 return base64.encodestring(pickled + pickled_md5) 40 40 41 41 def _decode_post_data(encoded_data): 42 42 encoded_data = base64.decodestring(encoded_data) 43 43 pickled, tamper_check = encoded_data[:-32], encoded_data[-32:] 44 if md5 .new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:44 if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check: 45 45 from django.core.exceptions import SuspiciousOperation 46 46 raise SuspiciousOperation, "User may have tampered with session cookie." 47 47 return pickle.loads(pickled) -
django/contrib/admin/sites.py
12 12 import base64 13 13 import cPickle as pickle 14 14 import datetime 15 import md5 15 from django.utils.hashcompat import md5_constructor 16 16 import re 17 17 18 18 ERROR_MESSAGE = ugettext_lazy("Please enter a correct username and password. Note that both fields are case-sensitive.") … … 29 29 def _encode_post_data(post_data): 30 30 from django.conf import settings 31 31 pickled = pickle.dumps(post_data) 32 pickled_md5 = md5 .new(pickled + settings.SECRET_KEY).hexdigest()32 pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest() 33 33 return base64.encodestring(pickled + pickled_md5) 34 34 35 35 def _decode_post_data(encoded_data): 36 36 from django.conf import settings 37 37 encoded_data = base64.decodestring(encoded_data) 38 38 pickled, tamper_check = encoded_data[:-32], encoded_data[-32:] 39 if md5 .new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:39 if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check: 40 40 from django.core.exceptions import SuspiciousOperation 41 41 raise SuspiciousOperation, "User may have tampered with session cookie." 42 42 return pickle.loads(pickled) -
django/contrib/csrf/middleware.py
8 8 from django.conf import settings 9 9 from django.http import HttpResponseForbidden 10 10 from django.utils.safestring import mark_safe 11 import md5 11 from django.utils.hashcompat import md5_constructor 12 12 import re 13 13 import itertools 14 14 … … 20 20 _HTML_TYPES = ('text/html', 'application/xhtml+xml') 21 21 22 22 def _make_token(session_id): 23 return md5 .new(settings.SECRET_KEY + session_id).hexdigest()23 return md5_constructor(settings.SECRET_KEY + session_id).hexdigest() 24 24 25 25 class CsrfMiddleware(object): 26 26 """Django middleware that adds protection against Cross Site -
django/contrib/auth/tokens.py
50 50 # last_login will also change), we produce a hash that will be 51 51 # invalid as soon as it is used. 52 52 # We limit the hash to 20 chars to keep URL short 53 import sha54 hash = sha .new(settings.SECRET_KEY + unicode(user.id) +55 user.password + unicode(user.last_login) +56 unicode(timestamp)).hexdigest()[::2]53 from django.utils.hashcompat import sha_constructor 54 hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) + 55 user.password + unicode(user.last_login) + 56 unicode(timestamp)).hexdigest()[::2] 57 57 return "%s-%s" % (ts_b36, hash) 58 58 59 59 def _num_days(self, dt): -
django/contrib/sessions/backends/base.py
1 1 import base64 2 import md53 2 import os 4 3 import random 5 4 import sys … … 12 11 13 12 from django.conf import settings 14 13 from django.core.exceptions import SuspiciousOperation 14 from django.utils.hashcompat import md5_constructor 15 15 16 17 16 class SessionBase(object): 18 17 """ 19 18 Base class for all Session classes. … … 73 72 def encode(self, session_dict): 74 73 "Returns the given session dictionary pickled and encoded as a string." 75 74 pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL) 76 pickled_md5 = md5 .new(pickled + settings.SECRET_KEY).hexdigest()75 pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest() 77 76 return base64.encodestring(pickled + pickled_md5) 78 77 79 78 def decode(self, session_data): 80 79 encoded_data = base64.decodestring(session_data) 81 80 pickled, tamper_check = encoded_data[:-32], encoded_data[-32:] 82 if md5 .new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:81 if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check: 83 82 raise SuspiciousOperation("User tampered with session cookie.") 84 83 try: 85 84 return pickle.loads(pickled) … … 117 116 # No getpid() in Jython, for example 118 117 pid = 1 119 118 while 1: 120 session_key = md5 .new("%s%s%s%s" % (random.randint(0, sys.maxint - 1),121 pid, time.time(), settings.SECRET_KEY)).hexdigest()119 session_key = md5_constructor("%s%s%s%s" % (random.randint(0, sys.maxint - 1), 120 pid, time.time(), settings.SECRET_KEY)).hexdigest() 122 121 if not self.exists(session_key): 123 122 break 124 123 return session_key -
django/contrib/sessions/models.py
1 1 import base64 2 import md53 2 import cPickle as pickle 4 3 5 4 from django.db import models 6 5 from django.utils.translation import ugettext_lazy as _ 7 6 from django.conf import settings 7 from django.utils.hashcompat import md5_constructor 8 8 9 9 10 10 class SessionManager(models.Manager): … … 13 13 Returns the given session dictionary pickled and encoded as a string. 14 14 """ 15 15 pickled = pickle.dumps(session_dict) 16 pickled_md5 = md5 .new(pickled + settings.SECRET_KEY).hexdigest()16 pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest() 17 17 return base64.encodestring(pickled + pickled_md5) 18 18 19 19 def save(self, session_key, session_dict, expire_date): … … 56 56 def get_decoded(self): 57 57 encoded_data = base64.decodestring(self.session_data) 58 58 pickled, tamper_check = encoded_data[:-32], encoded_data[-32:] 59 if md5 .new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:59 if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check: 60 60 from django.core.exceptions import SuspiciousOperation 61 61 raise SuspiciousOperation, "User tampered with session cookie." 62 62 try: -
django/utils/cache.py
17 17 "Accept-language" header. 18 18 """ 19 19 20 import md521 20 import re 22 21 import time 23 22 try: … … 29 28 from django.core.cache import cache 30 29 from django.utils.encoding import smart_str, iri_to_uri 31 30 from django.utils.http import http_date 31 from django.utils.hashcompat import md5_constructor 32 32 33 33 cc_delim_re = re.compile(r'\s*,\s*') 34 34 … … 104 104 if cache_timeout < 0: 105 105 cache_timeout = 0 # Can't have max-age negative 106 106 if not response.has_header('ETag'): 107 response['ETag'] = '"%s"' % md5 .new(response.content).hexdigest()107 response['ETag'] = '"%s"' % md5_constructor(response.content).hexdigest() 108 108 if not response.has_header('Last-Modified'): 109 109 response['Last-Modified'] = http_date() 110 110 if not response.has_header('Expires'): … … 138 138 139 139 def _generate_cache_key(request, headerlist, key_prefix): 140 140 """Returns a cache key from the headers given in the header list.""" 141 ctx = md5 .new()141 ctx = md5_constructor() 142 142 for header in headerlist: 143 143 value = request.META.get(header, None) 144 144 if value is not None: -
django/utils/hashcompat.py
1 try: 2 import hashlib 3 md5_constructor = hashlib.md5 4 sha_constructor = hashlib.sha1 5 except ImportError: 6 import md5 7 md5_constructor = md5.new 8 import sha 9 sha_constructor = sha.new 10 11 No newline at end of file -
django/middleware/common.py
1 import md52 1 import re 3 2 4 3 from django.conf import settings … … 6 5 from django.core.mail import mail_managers 7 6 from django.utils.http import urlquote 8 7 from django.core import urlresolvers 8 from django.utils.hashcompat import md5_constructor 9 9 10 10 class CommonMiddleware(object): 11 11 """ … … 108 108 if response.has_header('ETag'): 109 109 etag = response['ETag'] 110 110 else: 111 etag = '"%s"' % md5 .new(response.content).hexdigest()111 etag = '"%s"' % md5_constructor(response.content).hexdigest() 112 112 if response.status_code >= 200 and response.status_code < 300 and request.META.get('HTTP_IF_NONE_MATCH') == etag: 113 113 cookies = response.cookies 114 114 response = http.HttpResponseNotModified() -
tests/regressiontests/cache/tests.py
99 99 self.assertEqual(cache.get(key), value) 100 100 101 101 import os 102 import md5103 102 import shutil 104 103 import tempfile 105 104 from django.core.cache.backends.filebased import CacheClass as FileCache 105 from django.utils.hashcompat import md5_constructor 106 106 107 107 class FileBasedCacheTests(unittest.TestCase): 108 108 """ … … 119 119 def test_hashing(self): 120 120 """Test that keys are hashed into subdirectories correctly""" 121 121 self.cache.set("foo", "bar") 122 keyhash = md5 .new("foo").hexdigest()122 keyhash = md5_constructor("foo").hexdigest() 123 123 keypath = os.path.join(self.dirname, keyhash[:2], keyhash[2:4], keyhash[4:]) 124 124 self.assert_(os.path.exists(keypath)) 125 125 … … 128 128 Make sure that the created subdirectories are correctly removed when empty. 129 129 """ 130 130 self.cache.set("foo", "bar") 131 keyhash = md5 .new("foo").hexdigest()131 keyhash = md5_constructor("foo").hexdigest() 132 132 keypath = os.path.join(self.dirname, keyhash[:2], keyhash[2:4], keyhash[4:]) 133 133 self.assert_(os.path.exists(keypath)) 134 134 -
tests/regressiontests/file_uploads/tests.py
1 1 import os 2 2 import errno 3 import sha4 3 import shutil 5 4 import unittest 6 5 … … 8 7 from django.core.files.uploadedfile import SimpleUploadedFile 9 8 from django.test import TestCase, client 10 9 from django.utils import simplejson 10 from django.utils.hashcompat import sha_constructor 11 11 12 12 from models import FileModel, UPLOAD_ROOT, UPLOAD_TO 13 13 … … 45 45 46 46 for key in post_data.keys(): 47 47 try: 48 post_data[key + '_hash'] = sha .new(post_data[key].read()).hexdigest()48 post_data[key + '_hash'] = sha_constructor(post_data[key].read()).hexdigest() 49 49 post_data[key].seek(0) 50 50 except AttributeError: 51 post_data[key + '_hash'] = sha .new(post_data[key]).hexdigest()51 post_data[key + '_hash'] = sha_constructor(post_data[key]).hexdigest() 52 52 53 53 response = self.client.post('/file_uploads/verify/', post_data) 54 54 -
tests/regressiontests/test_client_regress/models.py
6 6 from django.core.urlresolvers import reverse 7 7 from django.core.exceptions import SuspiciousOperation 8 8 import os 9 import sha10 9 11 10 class AssertContainsTests(TestCase): 12 11 def test_contains(self):