angler-fishThe Vulnerability History Project

Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.

      SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
by Stephanie the Shih Tzu 2013-05-15 23:14:28 UTC
commit d228c1192ed59ab0114d9eba82ac99df611652d2
Django VCC 1File 2File RedFile BlueFile CVE-2014-0481
django/conf/urls/__init__.py
+1 -2
django/contrib/admin/exceptions.py
-6
django/contrib/admin/views/main.py
+1 -2
django/contrib/auth/tests/test_views.py
+15 -21
django/contrib/formtools/exceptions.py
-6
django/contrib/formtools/wizard/storage/cookie.py
+2 -2
django/contrib/sessions/backends/base.py
+3 -11
django/contrib/sessions/backends/cached_db.py
+1 -8
django/contrib/sessions/backends/db.py
+2 -8
django/contrib/sessions/backends/file.py
+2 -10
django/contrib/sessions/exceptions.py
-11
django/contrib/sessions/tests.py
+4 -16
django/core/exceptions.py
+7 -27
django/core/files/storage.py
+2 -2
django/core/handlers/base.py
+2 -18
django/core/urlresolvers.py
-3
django/http/multipartparser.py
+2 -2
django/http/request.py
+2 -2
django/http/response.py
+2 -2
django/test/utils.py
-20
django/utils/log.py
-5
django/views/defaults.py
-15
docs/ref/exceptions.txt
+3 -18
docs/releases/1.6.txt
-7
docs/topics/http/views.txt
-22
docs/topics/logging.txt
+1 -30
tests/admin_views/tests.py
+17 -17
tests/handlers/tests.py
-9
tests/handlers/urls.py
-1
tests/handlers/views.py
-4
tests/logging_tests/tests.py
+2 -22
tests/logging_tests/urls.py
-10
tests/logging_tests/views.py
-11
tests/test_client_regress/tests.py
+3 -3
tests/test_client_regress/views.py
+2 -5
tests/urlpatterns_reverse/tests.py
+1 -3
tests/urlpatterns_reverse/urls_error_handlers.py
-1
tests/urlpatterns_reverse/urls_error_handlers_callables.py
-1
expand_less