mirror of https://github.com/wagtail/wagtail.git synced 2024-11-30 01:46:24 +01:00

Use constant_time_compare for view restriction password checks

Matt Westcott 2020-04-28 14:45:23 +01:00 committed by Matt Westcott
parent 1ef36d0420
commit 6d660b0c27


@ -1,4 +1,5 @@
from django import forms from django import forms
from django.utils.crypto import constant_time_compare
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from django.utils.translation import gettext_lazy from django.utils.translation import gettext_lazy
@ -13,7 +14,7 @@ class PasswordViewRestrictionForm(forms.Form):
def clean_password(self): def clean_password(self):
data = self.cleaned_data['password'] data = self.cleaned_data['password']
if data != self.restriction.password: if not constant_time_compare(data, self.restriction.password):
raise forms.ValidationError(_("The password you have entered is not correct. Please try again.")) raise forms.ValidationError(_("The password you have entered is not correct. Please try again."))
return data return data
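Review bot: The new comparison in `clean_password` carries no comment saying why `constant_time_compare` replaces `!=`, so a later cleanup could quietly revert it; a line such as `# constant-time comparison so response timing does not reveal how much of the password matched` above the `if` would pin the intent. Django's `constant_time_compare` also coerces both arguments to bytes, so if `self.restriction.password` could ever hold a non-string value (its definition is not visible here) it would be stringified and compared rather than simply rejected as `!=` did; it is worth confirming the field is always a string. The direct comparison with the submitted value suggests the restriction password is stored unhashed, which this change does not alter, so the stored value remains readable to anyone with database access. The class body starts outside the hunk, and the rendered page appears to have dropped some context lines.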