$OpenBSD: patch-django_contrib_sessions_tests_py,v 1.1 2011/02/11 11:45:48 jasper Exp $

Security fix for SA43230.
http://www.djangoproject.com/weblog/2011/feb/08/security/

Patch from upstream svn -r15468.

--- django/contrib/sessions/tests.py.orig	Sat Feb 28 23:32:41 2009
+++ django/contrib/sessions/tests.py	Thu Feb 10 09:58:06 2011
@@ -129,6 +129,17 @@ True
 >>> file_session = FileSession(file_session.session_key)
 >>> file_session.save()
 
+# Ensure we don't allow directory traversal
+>>> FileSession("a/b/c").load()
+Traceback (innermost last):
+    ...
+SuspiciousOperation: Invalid characters in session key
+
+>>> FileSession("a\\b\\c").load()
+Traceback (innermost last):
+    ...
+SuspiciousOperation: Invalid characters in session key
+
 # Make sure the file backend checks for a good storage dir
 >>> settings.SESSION_FILE_PATH = "/if/this/directory/exists/you/have/a/weird/computer"
 >>> FileSession()
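Review bot: The two added doctests cover only `load()` and only keys that contain a path separator (`"a/b/c"` and `"a\\b\\c"`), so they would still pass if the validation rejected just those two characters or sat on the read path alone. The check itself is not part of this patch file, so where it lives is unknown from here. If it is meant to be a key-to-filename check shared by every file operation, a third case such as `>>> FileSession("a/b/c").save()` expecting the same `SuspiciousOperation: Invalid characters in session key` would pin that. A further case with a key that has no separator but falls outside the expected key alphabet would confirm the check is an allow-list rather than a separator block-list.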
