From 82da63a81b3bc0d398a6c4232d799152ad52a769 Mon Sep 17 00:00:00 2001 From: Martin Zimmermann Date: Thu, 19 Dec 2013 08:55:06 +0100 Subject: [PATCH] check if hash is a base-16 string --- isso/views/comments.py | 4 ++-- specs/test_comments.py | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/isso/views/comments.py b/isso/views/comments.py index 1321193..f6420a6 100644 --- a/isso/views/comments.py +++ b/isso/views/comments.py @@ -170,7 +170,7 @@ class API(object): max_age=self.conf.getint('max-age')) rv["text"] = markdown(rv["text"]) - rv["hash"] = str(pbkdf2(rv['email'] or rv['remote_addr'], self.isso.salt, 1000, 6)) + rv["hash"] = pbkdf2(rv['email'] or rv['remote_addr'], self.isso.salt, 1000, 6).decode("utf-8") self.cache.set('hash', (rv['email'] or rv['remote_addr']).encode('utf-8'), rv['hash']) @@ -332,7 +332,7 @@ class API(object): val = self.cache.get('hash', key.encode('utf-8')) if val is None: - val = str(pbkdf2(key, self.isso.salt, 1000, 6)) + val = pbkdf2(key, self.isso.salt, 1000, 6).decode("utf-8") self.cache.set('hash', key.encode('utf-8'), val) item['hash'] = val diff --git a/specs/test_comments.py b/specs/test_comments.py index ee33e8c..10704d8 100644 --- a/specs/test_comments.py +++ b/specs/test_comments.py @@ -219,6 +219,7 @@ class TestComments(unittest.TestCase): b = loads(b.data) c = loads(c.data) + assert isinstance(int(a['hash'], 16), int) assert a['hash'] != '192.168.1.1' assert a['hash'] == b['hash'] assert a['hash'] != c['hash']