[Bug 1080204] Re: Regression in security upload - self-tests fail if MANAGERS is defined in settings.py

Bug Watch Updater 1080204@bugs.launchpad.net
Wed Nov 21 01:36:25 UTC 2012


** Changed in: python-django (Debian)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python-django in Ubuntu.
https://bugs.launchpad.net/bugs/1080204

Title:
  Regression in security upload - self-tests fail if MANAGERS is defined
  in settings.py

Status in “python-django” package in Ubuntu:
  Fix Released
Status in “python-django” source package in Lucid:
  Fix Released
Status in “python-django” source package in Oneiric:
  Fix Released
Status in “python-django” source package in Precise:
  Fix Released
Status in “python-django” source package in Quantal:
  Fix Released
Status in “python-django” source package in Raring:
  Fix Released
Status in “python-django” package in Debian:
  Fix Released

Bug description:
  With the recent security upload of django, the self-tests will fail on
  any site, if the MANAGERS variable is defined in settings.py.  This is
  because the admin gets mail about the SuspiciousOperation traceback
  and the new test test_poisoned_http_host() only looks to see whether
  there's any mail at all, not who the mail is to or what it is.

  james@ornery:~/scratch/test/mysite$ python manage.py test
  Creating test database for alias 'default'...
  ..................................................................................> /usr/lib/python2.7/dist-packages/django/contrib/auth/tests/views.py(137)test_poisoned_http_host()
  -> self.assertEqual(len(mail.outbox), 0)
  (Pdb) print mail.outbox
  [<django.core.mail.message.EmailMultiAlternatives object at 0x263c490>]
  (Pdb) print mail.outbox[0].to
  ['your_email@example.com']
  (Pdb) print mail.outbox[0].subject
  [Django] ERROR (EXTERNAL IP): Internal Server Error: /password_reset/
  (Pdb) print mail.outbox[0].body
  Traceback (most recent call last):

    File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 89, in get_response
      response = middleware_method(request)

    File "/usr/lib/python2.7/dist-packages/django/middleware/common.py", line 55, in process_request
      host = request.get_host()

    File "/usr/lib/python2.7/dist-packages/django/http/__init__.py", line 218, in get_host
      raise SuspiciousOperation('Invalid HTTP_HOST header: %s' % host)

  SuspiciousOperation: Invalid HTTP_HOST header: www.example:dr.frankenstein@evil.tld

  
  <WSGIRequest
  path:/password_reset/,
  GET:<QueryDict: {}>,
  POST:<QueryDict: {u'email': [u'staffmember@example.com']}>,
  COOKIES:{},
  META:{'CONTENT_LENGTH': 111,
   'CONTENT_TYPE': 'multipart/form-data; boundary=BoUnDaRyStRiNg',
   'HTTP_COOKIE': '',
   'HTTP_HOST': 'www.example:dr.frankenstein@evil.tld',
   'PATH_INFO': u'/password_reset/',
   'QUERY_STRING': '',
   'REMOTE_ADDR': '127.0.0.1',
   'REQUEST_METHOD': 'POST',
   'SCRIPT_NAME': u'',
   'SERVER_NAME': 'testserver',
   'SERVER_PORT': '80',
   'SERVER_PROTOCOL': 'HTTP/1.1',
   'wsgi.errors': <cStringIO.StringO object at 0x2626fb8>,
   'wsgi.input': <django.test.client.FakePayload object at 0x2614790>,
   'wsgi.multiprocess': True,
   'wsgi.multithread': False,
   'wsgi.run_once': False,
   'wsgi.url_scheme': 'http',
   'wsgi.version': (1, 0)}>
  (Pdb)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1080204/+subscriptions
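
Added example, not part of the bug report or of Django's test suite: one way to scope the assertion to the mail the test cares about (a reset mail to the requester), so an error report to the configured site address does not trip it. The `Message` tuple is a stand-in for the objects in `mail.outbox`, the helper names are hypothetical, and the outbox is constructed from the pdb session above.

```python
from collections import namedtuple

# Stand-in for the message objects collected in mail.outbox
# (assumption: only .to, .subject and .body matter for this check).
Message = namedtuple("Message", "to subject body")

POISONED_HOST = "www.example:dr.frankenstein@evil.tld"  # from the traceback
RESET_ADDRESS = "staffmember@example.com"  # address posted to /password_reset/

# Constructed outbox mirroring the pdb session: the only message is the
# error report sent to the address configured in settings.py.
outbox = [
    Message(
        to=["your_email@example.com"],
        subject="[Django] ERROR (EXTERNAL IP): Internal Server Error: /password_reset/",
        body="SuspiciousOperation: Invalid HTTP_HOST header: " + POISONED_HOST,
    )
]


def outbox_is_empty(outbox):
    """The check the report describes: any mail at all counts as a failure."""
    return len(outbox) == 0


def mails_addressed_to(outbox, address):
    """Messages with `address` among their recipients (case-insensitive)."""
    wanted = address.strip().lower()
    return [m for m in outbox if wanted in (r.strip().lower() for r in m.to)]


def reset_mail_with_poisoned_host(outbox, address, host):
    """Messages to the reset requester that carry the rejected host."""
    return [m for m in mails_addressed_to(outbox, address)
            if host in m.body or host in m.subject]


if __name__ == "__main__":
    print("outbox empty:", outbox_is_empty(outbox))
    print("mail to requester:", mails_addressed_to(outbox, RESET_ADDRESS))
    print("poisoned reset mail:",
          reset_mail_with_poisoned_host(outbox, RESET_ADDRESS, POISONED_HOST))
```
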
