From 871e6d6a9d1c453716f68e4e88268961d067b26d Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 26 Jun 2019 14:32:20 -0700 Subject: [PATCH] don't clear BadRequestKeyError args --- CHANGES.rst | 10 ++++++++++ flask/__init__.py | 2 +- flask/app.py | 10 +++++----- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index cd2cd09f..c92b384e 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,5 +1,15 @@ .. currentmodule:: flask +Version 1.0.4 +------------- + +Unreleased + +- The key information for ``BadRequestKeyError`` is no longer cleared + outside debug mode, so error handlers can still access it. This + requires upgrading to Werkzeug 0.15.5. :issue:`3249` + + Version 1.0.3 ------------- diff --git a/flask/__init__.py b/flask/__init__.py index 1189e751..e514a8e1 100644 --- a/flask/__init__.py +++ b/flask/__init__.py @@ -10,7 +10,7 @@ :license: BSD-3-Clause """ -__version__ = '1.0.3' +__version__ = '1.0.4.dev' # utilities we import from Werkzeug and Jinja2 that are unused # in the module but are exported as public interface. diff --git a/flask/app.py b/flask/app.py index 0396865e..38fb7566 100644 --- a/flask/app.py +++ b/flask/app.py @@ -1724,14 +1724,14 @@ class Flask(_PackageBoundObject): if isinstance(e, BadRequestKeyError): if self.debug or self.config["TRAP_BAD_REQUEST_ERRORS"]: + e.show_exception = True + # Werkzeug < 0.15 doesn't add the KeyError to the 400 # message, add it in manually. - description = e.get_description() - - if e.args[0] not in description: + # TODO: clean up once Werkzeug >= 0.15.5 is required + if e.args[0] not in e.get_description(): e.description = "KeyError: '{}'".format(*e.args) - else: - # Werkzeug >= 0.15 does add it, remove it in production + elif not hasattr(BadRequestKeyError, "show_exception"): e.args = () if isinstance(e, HTTPException) and not self.trap_http_exception(e):