misc: return 400 on invalid context signature (#31666)
This commit is contained in:
parent
90c0cf6582
commit
b87525b073
|
@ -27,7 +27,7 @@ from django.core import signing
|
|||
from django.core.exceptions import ObjectDoesNotExist, PermissionDenied
|
||||
from django.db import transaction
|
||||
from django.http import (Http404, HttpResponse, HttpResponseRedirect,
|
||||
HttpResponsePermanentRedirect)
|
||||
HttpResponsePermanentRedirect, HttpResponseBadRequest)
|
||||
from django.shortcuts import render, resolve_url
|
||||
from django.template import engines
|
||||
from django.template.loader import get_template, TemplateDoesNotExist
|
||||
|
@ -142,7 +142,10 @@ def render_cell(request, cell):
|
|||
'absolute_uri': request.build_absolute_uri
|
||||
}
|
||||
if request.GET.get('ctx'):
|
||||
context.update(signing.loads(request.GET['ctx']))
|
||||
try:
|
||||
context.update(signing.loads(request.GET['ctx']))
|
||||
except signing.BadSignature:
|
||||
return HttpResponseBadRequest('bad signature')
|
||||
modify_global_context(request, context)
|
||||
|
||||
if cell.page_id:
|
||||
|
|
Loading…
Reference in New Issue