Opened 6 years ago

Closed 6 years ago

Last modified 3 years ago

#8182 closed (fixed)

infinite loop iterating over context_processors.PermWrapper

Reported by: Uz
Owned by:
Component: contrib.auth
Version: master
Severity:
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

The template code below will cause an infinite memory-eating loop if context_processors.auth is enabled. My main issue with that is that it was incredibly hard to debug for me, when I passed my own 'perms' queryset to a template. So here's a (temporary) patch, to make it at least immediately fail.

    {% for perm in perms %}
    {% endfor %}

Attachments (2)

permwrapper.patch.bz2 (270 bytes) - added by Uz 6 years ago.
8182_with_docs.diff (2.4 KB) - added by benjixx 6 years ago.

Change History (8)

Changed 6 years ago by Uz

comment:1 Changed 6 years ago by Uz

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

permwrapper.patch only adds this to the PermWrapper class:

    def __iter__(self):
        raise NotImplementedError

comment:2 Changed 6 years ago by cgrady

possible alternative?

    def __iter__(self):
        for p in self.user.get_all_permissions():
            yield p

Changed 6 years ago by benjixx

comment:3 Changed 6 years ago by benjixx

Added improved patch, which makes use of cgrady's idea.

The use of self.user.get_all_permissions() raised another problem -- this method doesn't exist for AnonymousUser. So I added the missing methods from User to the AnonymousUser class, providing adequate return values or raising NotImplementedError.

Updated docs for AnonymousUser as well.

comment:4 Changed 6 years ago by benjixx

  • Has patch set

comment:5 Changed 6 years ago by jacob

  • Resolution set to fixed
  • Status changed from new to closed

(In [8263]) No, really: PermWrapper is not iterable. Fixes #8182.

comment:6 Changed 3 years ago by jacob

  • milestone 1.0 beta deleted

Milestone 1.0 beta deleted
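
Why the loop in this ticket never ends, as an added example (not code from the ticket, its patches or Django): a Python object that defines `__getitem__` but no `__iter__` is iterated through the legacy sequence protocol, which calls `__getitem__(0)`, `__getitem__(1)`, and so on until `IndexError` is raised. The classes and the helpers `items_yielded` and `fails_fast` are hypothetical stand-ins, and the permission strings are constructed sample data.

```python
from itertools import islice


class PermLookup:
    """Hypothetical per-app lookup: lookup["add_user"] -> bool."""

    def __init__(self, perms, app_label):
        self.perms, self.app_label = perms, app_label

    def __getitem__(self, perm_name):
        return f"{self.app_label}.{perm_name}" in self.perms


class UnsafePermWrapper:
    """Answers every key and defines no __iter__: the shape of the reported bug."""

    def __init__(self, perms):
        self.perms = set(perms)

    def __getitem__(self, app_label):
        # Never raises IndexError, so the legacy iteration protocol never stops.
        return PermLookup(self.perms, str(app_label))


class SafePermWrapper(UnsafePermWrapper):
    """Same lookups, but iteration fails immediately instead of spinning."""

    def __iter__(self):
        raise TypeError("PermWrapper is not iterable.")


def items_yielded(wrapper, limit):
    """Iterate for at most `limit` steps and count the items produced."""
    return sum(1 for _ in islice(iter(wrapper), limit))


def fails_fast(wrapper):
    """True if asking for an iterator raises TypeError right away."""
    try:
        iter(wrapper)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    sample = {"auth.add_user"}  # constructed sample data
    # Bounded on purpose: list(UnsafePermWrapper(sample)) would grow without limit.
    print(items_yielded(UnsafePermWrapper(sample), 1000))
    print(fails_fast(SafePermWrapper(sample)))
```
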
