From 03400c2c6b00ca8310cad7f30ac215d2b80d94b2 Mon Sep 17 00:00:00 2001
From: Rob Hudson
Date: Tue, 7 Oct 2008 12:37:04 -0700
Subject: Updating SQL views to return HttpResponseBadRequest on tamper
detection.
---
debug_toolbar/views.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/debug_toolbar/views.py b/debug_toolbar/views.py
index b75397b..e3bb5b1 100644
--- a/debug_toolbar/views.py
+++ b/debug_toolbar/views.py
@@ -35,7 +35,7 @@ def sql_select(request):
params = request.GET.get('params', '')
hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
if hash != request.GET.get('hash', ''):
- return HttpResponse('
Tamper alert
') # SQL Tampering alert
+ return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
if sql.lower().startswith('select'):
params = simplejson.loads(params)
cursor = connection.cursor()
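Review bot: The tamper check in sql_select still hashes `settings.SECRET_KEY + sql + params` with a plain SHA digest and compares it with `!=`, so the new 400 response guards a weak integrity tag. A secret-prefix hash is not a MAC, and concatenating `sql` and `params` with no separator means the tag does not bind where one value ends and the other begins. The comparison is also not constant-time. I would compute the tag with the `hmac` module keyed on `settings.SECRET_KEY` over a delimited or length-prefixed encoding of the two fields, and check it with `if not hmac.compare_digest(hash, request.GET.get('hash', '')):` where the Python version provides it. The same lines appear in sql_explain and sql_profile; the function bodies and the file's imports are outside these hunks, and the code that generates the hash for the links would need the matching change.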
@@ -66,7 +66,7 @@ def sql_explain(request):
params = request.GET.get('params', '')
hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
if hash != request.GET.get('hash', ''):
- return HttpResponse('Tamper alert
') # SQL Tampering alert
+ return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
if sql.lower().startswith('select'):
params = simplejson.loads(params)
cursor = connection.cursor()
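Review bot: The rejection branch in sql_explain returns the 400 without recording the event, so failed hash checks against these SQL-executing debug views are visible only in the web server's access log. Consider logging before the return, e.g. `logger.warning('debug_toolbar: SQL hash mismatch on %s', request.path)`, using a module-level logger that would need to be added outside this hunk. The same four-line check is repeated verbatim in sql_select and sql_profile, so moving it into one private helper would keep the verification and logging in one place. The name `hash` also shadows the builtin; something like `expected_hash` reads more clearly.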
@@ -97,7 +97,7 @@ def sql_profile(request):
params = request.GET.get('params', '')
hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
if hash != request.GET.get('hash', ''):
- return HttpResponse('Tamper alert
') # SQL Tampering alert
+ return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
if sql.lower().startswith('select'):
params = simplejson.loads(params)
cursor = connection.cursor()
--
cgit v1.2.3