misc: return 400 on invalid context signature (#31666)

Frédéric Péters 2019-03-23 17:54:11 +01:00
parent 90c0cf6582
commit b87525b073
1 changed files with 5 additions and 2 deletions


@ -27,7 +27,7 @@ from django.core import signing
from django.core.exceptions import ObjectDoesNotExist, PermissionDenied
from django.db import transaction
from django.http import (Http404, HttpResponse, HttpResponseRedirect,
HttpResponsePermanentRedirect)
HttpResponsePermanentRedirect, HttpResponseBadRequest)
from django.shortcuts import render, resolve_url
from django.template import engines
from django.template.loader import get_template, TemplateDoesNotExist
@ -142,7 +142,10 @@ def render_cell(request, cell):
'absolute_uri': request.build_absolute_uri
}
if request.GET.get('ctx'):
context.update(signing.loads(request.GET['ctx']))
try:
context.update(signing.loads(request.GET['ctx']))
except signing.BadSignature:
return HttpResponseBadRequest('bad signature')
modify_global_context(request, context)
if cell.page_id:
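Review bot: The `signing.loads(request.GET['ctx'])` call inside the new `try` passes neither `salt` nor `max_age`. As far as this hunk shows, any value signed with the project key under Django's default salt would verify here and be merged into the render context, and a `ctx` value never expires. The code that produces `ctx` is not visible here; if it can be changed in step, a dedicated salt on both sides would scope the token to this view, e.g. `context.update(signing.loads(request.GET['ctx'], salt='<cell-ctx-salt>'))`, where the salt is a placeholder. The decoded payload also goes straight into `context.update()`, so a validly signed value that is not a mapping would raise outside the `except signing.BadSignature` clause and still produce a 500; an `isinstance(..., dict)` check before the update would keep that on the 400 path. `render_cell` begins and continues outside the hunk.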