diff options
| author | Rob Hudson | 2008-10-07 12:37:04 -0700 |
|---|---|---|
| committer | Rob Hudson | 2008-10-07 12:37:04 -0700 |
| commit | 03400c2c6b00ca8310cad7f30ac215d2b80d94b2 (patch) | |
| tree | aafdc8200d6f2ca231963b7ebc53105ff31ea9db | |
| parent | 822988142666fccb216a17ef3abbee7b6bbcf76b (diff) | |
| download | django-debug-toolbar-03400c2c6b00ca8310cad7f30ac215d2b80d94b2.tar.bz2 | |
Updating SQL views to return HttpResponseBadRequest on tamper detection.
| -rw-r--r-- | debug_toolbar/views.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/debug_toolbar/views.py b/debug_toolbar/views.py index b75397b..e3bb5b1 100644 --- a/debug_toolbar/views.py +++ b/debug_toolbar/views.py @@ -35,7 +35,7 @@ def sql_select(request): params = request.GET.get('params', '') hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest() if hash != request.GET.get('hash', ''): - return HttpResponse('<h3>Tamper alert</h3>') # SQL Tampering alert + return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert if sql.lower().startswith('select'): params = simplejson.loads(params) cursor = connection.cursor() @@ -66,7 +66,7 @@ def sql_explain(request): params = request.GET.get('params', '') hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest() if hash != request.GET.get('hash', ''): - return HttpResponse('<h3>Tamper alert</h3>') # SQL Tampering alert + return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert if sql.lower().startswith('select'): params = simplejson.loads(params) cursor = connection.cursor() @@ -97,7 +97,7 @@ def sql_profile(request): params = request.GET.get('params', '') hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest() if hash != request.GET.get('hash', ''): - return HttpResponse('<h3>Tamper alert</h3>') # SQL Tampering alert + return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert if sql.lower().startswith('select'): params = simplejson.loads(params) cursor = connection.cursor() |