1. Matthew Schinckel
  2. werkzeug-main

Commits

mitsuhiko  committed d4c61b1

Fixed an unicode bug with the password hashing functions, added testcases
i forgot to commit.

  • Participants
  • Parent commits c3ffd26
  • Branches default

Comments (0)

Files changed (2)

File werkzeug/routing.py

View file
         self.greediness = 0
         self.redirect_to = redirect_to
 
-        self._trace = []
         if defaults is not None:
             self.arguments = set(map(str, defaults))
         else:
             self.arguments = set()
-        self._converters = {}
-        self._regex = None
-        self._weights = []
+        self._trace = self._converters = self._regex = self._weights = None
 
     def empty(self):
         """Return an unbound copy of this rule.  This can be useful if you
     def get_rules(self, map):
         yield self
 
-    def bind(self, map):
+    def refresh(self):
+        """Rebinds and refreshes the URL.  Call this if you modified the
+        rule in place.
+
+        :internal:
+        """
+        self.bind(self.map, rebind=True)
+
+    def bind(self, map, rebind=False):
         """Bind the url to a map and create a regular expression based on
         the information from the rule itself and the defaults from the map.
 
         :internal:
         """
-        if self.map is not None:
+        if self.map is not None and not rebind:
             raise RuntimeError('url rule %r already bound to map %r' %
                                (self, self.map))
         self.map = map
         rule = self.subdomain + '|' + (self.is_leaf and self.rule
                                        or self.rule.rstrip('/'))
 
+        self._trace = []
+        self._converters = {}
+        self._weights = []
+
         regex_parts = []
         for converter, arguments, variable in parse_rule(rule):
             if converter is None:

File werkzeug/security.py

View file
     if salt:
         if method not in _hash_mods:
             return None
+        if isinstance(salt, unicode):
+            salt = salt.encode('utf-8')
         h = hmac.new(salt, None, _hash_mods[method])
     else:
         if method not in _hash_funcs:
             return None
         h = _hash_funcs[method]()
+    if isinstance(password, unicode):
+        password = password.encode('utf-8')
     h.update(password)
     return h.hexdigest()
 
     :param method: the hash method to use (``'md5'`` or ``'sha1'``)
     :param salt_length: the lengt of the salt in letters
     """
-    if isinstance(password, unicode):
-        password = password.encode('utf-8')
     salt = method != 'plain' and gen_salt(salt_length) or ''
     h = _hash_internal(method, salt, password)
     if h is None:
                    :func:`generate_password_hash`
     :param password: the plaintext password to compare against the hash
     """
-    if isinstance(password, unicode):
-        password = password.encode('utf-8')
     if pwhash.count('$') < 2:
         return False
     method, salt, hashval = pwhash.split('$', 2)