Opened 7 years ago

Closed 7 years ago

Last modified 4 years ago

#8182 closed (fixed)

infinite loop iterating over context_processors.PermWrapper

Reported by: Uz Owned by:
Component: contrib.auth Version: master
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

The template code below will cause an infinite memory-eating loop if context_processors.auth is enabled. My main issue with that is that it was incredibly hard to debug for me, when I passed my own 'perms' queryset to a template. So here's a (temporary) patch, to make it at least immediately fail.

{% for perm in perms %}
{% endfor %}

Attachments (2)

permwrapper.patch.bz2 (270 bytes) - added by Uz 7 years ago.
8182_with_docs.diff (2.4 KB) - added by benjixx 7 years ago.

Download all attachments as: .zip

Change History (8)

Changed 7 years ago by Uz

comment:1 Changed 7 years ago by Uz

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

permwrapper.patch only adds this to the PermWrapper class:

    def __iter__(self):
        raise NotImplementedError
}}

comment:2 Changed 7 years ago by cgrady

possible alternative?

    def __iter__(self):
        for p in self.user.get_all_permissions():
            yield p

Changed 7 years ago by benjixx

comment:3 Changed 7 years ago by benjixx

Added improved patch, which makes use of cgrady's idea.

The use of self.user.get_all_permissions() raised another problem -- this method doesn't exist for AnonymousUser. So I added the missing methods from User to the AnonymousUser class, providing adequate return values or raising NotImplementedError.

Updated docs for AnonymousUser as well.

comment:4 Changed 7 years ago by benjixx

  • Has patch set

comment:5 Changed 7 years ago by jacob

  • Resolution set to fixed
  • Status changed from new to closed

(In [8263]) No, really: PermWrapper is not iterable. Fixes #8182.

comment:6 Changed 4 years ago by jacob

  • milestone 1.0 beta deleted

Milestone 1.0 beta deleted

Note: See TracTickets for help on using tickets.
Back to Top