Opened 11 years ago
Closed 11 years ago
#21345 closed Bug (fixed)
Debug view calls callable settings
Reported by: | Aymeric Augustin | Owned by: | nobody |
---|---|---|---|
Component: | Core (Other) | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | bmispelon@… | Triage Stage: | Ready for checkin |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Reproduction instructions:
1) Add this to your settings file (I'm not saying it's a good idea)
def KABOOM(): raise ValueError("KABOOM!")
2) Create a view that raises an uncaught exception
3) Open the corresponding URL with DEBUG = True
Expected result:
Django's fancy debug page.
Actual result:
Non-descript error page: "A server error occurred. Please contact the administrator."
Here the function defined in the settings raises an exception; in fact the problem is that Django's debug page will call any callable setting that accepts being called without arguments. I admit it's a lousy idea to have callable settings; Django favors paths to callables; but it's still a lame behavior to call them arbitrarily :)
This was originally reported against the Debug Toolbar: https://github.com/django-debug-toolbar/django-debug-toolbar/issues/252. I'm duplicating the issue here because the Debug Toolbar took that code from Django itself. I'll update it to follow Django's behavior.
Change History (8)
comment:1 by , 11 years ago
comment:3 by , 11 years ago
Triage Stage: | Unreviewed → Accepted |
---|
I can reproduce this.
This seems to be caused by the template engine blindly calling anything passed to it.
We can fix this for settings by settings the do_not_call_in_templates
attribute on all the callable settings passed to the view's context:
-
django/views/debug.py
diff --git a/django/views/debug.py b/django/views/debug.py index 3d0a8c0..96d3e65 100644
a b def cleanse_setting(key, value): 46 46 except TypeError: 47 47 # If the key isn't regex-able, just return as-is. 48 48 cleansed = value 49 50 if callable(cleansed): 51 cleansed.do_not_call_in_templates = True 52 49 53 return cleansed 50 54 51 55 def get_safe_settings():
What do you think?
comment:6 by , 11 years ago
Has patch: | set |
---|
Pull request here: https://github.com/django/django/pull/1827
I added tests for this new feature as well as some missing ones (in a separate commit).
comment:7 by , 11 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
LGTM and all tests pass on SQLite Py2 and 3.
comment:8 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Dup/related to #21048?