#18340 closed Bug (fixed)
formtools.utils.form_hmac is not consistent with unicode input
| Reported by: | Claude Paroz | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.formtools | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
This problem can only be reproduced with cPickle. When feeding the django.contrib.formtools.utils.form_hmac function with Unicode values, stripping the leading/ending spaces produces different pickled results than the unstripped identical values. Here is an output of the two form_hmac passes in the FormHmacTests.test_textfield_hash when you convert form values to Unicode:
(Pdb) p data, pickled
([('name', u'joe'), ('bio', u'Nothing notable.')], '\x80\x02]q\x01(U\x04nameq\x02X\x03\x00\x00\x00joeq\x03\x86q\x04U\x03bioq\x05X\x10\x00\x00\x00Nothing notable.q\x06\x86q\x07e.')
(Pdb) p data, pickled
([('name', u'joe'), ('bio', u'Nothing notable.')], '\x80\x02]q\x01(U\x04nameq\x02X\x03\x00\x00\x00joe\x86q\x03U\x03bioq\x04X\x10\x00\x00\x00Nothing notable.q\x05\x86q\x06e.')
Possible workarounds:
- use the (slower) pickle module only, as I don't think the performance penalty will be noticeable in this part of the code
- encode all unicode values to 'utf-8' (smart_str) before feeding them to pickle.dumps
- feed repr(data) to pickle.dumps
Attachments (1)
Change History (6)
by , 12 years ago
| Attachment: | 18340.diff added |
|---|
comment:1 by , 12 years ago
| Has patch: | set |
|---|
comment:2 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:4 by , 12 years ago
It's worth noting that while pickle currently seems to be idempotent, it's not guaranteed to anywhere in the spec. Relying on pickling python objects might not be the ideal solution here.
Note:
See TracTickets
for help on using tickets.
Do not use cPickle