+33
-18
lines changed
@@ -1,6 +1,7 @@
1
1
import gzip
2
2
import re
3
3
import secrets
4
+
import textwrap
4
5
import unicodedata
5
6
from gzip import GzipFile
6
7
from gzip import compress as gzip_compress
@@ -97,24 +98,15 @@ def wrap(text, width):
97
98
``width``.
98
99
"""
99
100
100
-
def _generator():
101
-
for line in text.splitlines(True): # True keeps trailing linebreaks
102
-
max_width = min((line.endswith("\n") and width + 1 or width), width)
103
-
while len(line) > max_width:
104
-
space = line[: max_width + 1].rfind(" ") + 1
105
-
if space == 0:
106
-
space = line.find(" ") + 1
107
-
if space == 0:
108
-
yield line
109
-
line = ""
110
-
break
111
-
yield "%s\n" % line[: space - 1]
112
-
line = line[space:]
113
-
max_width = min((line.endswith("\n") and width + 1 or width), width)
114
-
if line:
115
-
yield line
116
-
117
-
return "".join(_generator())
101
+
wrapper = textwrap.TextWrapper(
102
+
width=width,
103
+
break_long_words=False,
104
+
break_on_hyphens=False,
105
+
)
106
+
result = []
107
+
for line in text.splitlines(True):
108
+
result.extend(wrapper.wrap(line))
109
+
return "\n".join(result)
118
110
119
111
120
112
def add_truncation_text(text, truncate=None):
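Review bot: Blank or whitespace-only lines are dropped by the new loop, because `wrapper.wrap(line)` returns an empty list when the text has no content, so paragraph breaks and a trailing newline no longer survive `"\n".join(result)`; the removed generator yielded such lines unchanged. `TextWrapper`'s defaults also expand tabs and replace other whitespace with spaces, which the old code did not do; the docstring of `wrap()` starts above this hunk, so its whitespace contract is worth checking against this. I would pass `replace_whitespace=False,` and keep empty results with `result.extend(wrapper.wrap(line) or [""])`, which restores blank lines, though a trailing newline would still need separate handling. Neither change should affect the bounded per-line work that closes the denial-of-service.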
@@ -5,3 +5,9 @@ Django 4.2.20 release notes
5
5
*March 6, 2025*
6
6
7
7
Django 4.2.20 fixes a security issue with severity "moderate" in 4.2.19.
8
+
9
+
CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
10
+
=========================================================================================
11
+
12
+
The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
13
+
potential denial-of-service attack when used with very long strings.
@@ -5,3 +5,9 @@ Django 5.0.13 release notes
5
5
*March 6, 2025*
6
6
7
7
Django 5.0.13 fixes a security issue with severity "moderate" in 5.0.12.
8
+
9
+
CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
10
+
=========================================================================================
11
+
12
+
The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
13
+
potential denial-of-service attack when used with very long strings.
@@ -78,3 +78,14 @@ def test_wrap_lazy_string(self):
78
78
"this is a long\nparagraph of\ntext that\nreally needs\nto be wrapped\n"
79
79
"I'm afraid",
80
80
)
81
+
82
+
def test_wrap_long_text(self):
83
+
long_text = (
84
+
"this is a long paragraph of text that really needs"
85
+
" to be wrapped I'm afraid " * 20_000
86
+
)
87
+
self.assertIn(
88
+
"this is a\nlong\nparagraph\nof text\nthat\nreally\nneeds to\nbe wrapped\n"
89
+
"I'm afraid",
90
+
wordwrap(long_text, 10),
91
+
)
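Review bot: `test_wrap_long_text` asserts only that one wrapped fragment appears in the output, so it passes however long `wordwrap` takes and does not say why the input is repeated 20,000 times. A comment above `long_text` such as `# Regression test for CVE-2025-26699: wrap() must stay fast on one very long line.` would record the intent for the next maintainer. The input is a single line with no newline in it, so blank-line and trailing-newline handling in the rewritten `wrap()` is not exercised; a small extra case with `"\n\n"` in the input would pin that behaviour. The enclosing test class starts outside the hunk.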