Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #14812 -- Made parsing of the If-Modified-Since HTTP header mor…

…e robust in presence of malformed values when serving static content. Thanks shaohua for the report, and alexey.smolsky@gmail.com for a similar report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14753 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 0714b0f39033a51e447bc1b3b03ffee6f9228105 1 parent e4b0a8f
Ramiro Morales authored November 30, 2010
5  django/contrib/staticfiles/views.py
@@ -150,7 +150,10 @@ def was_modified_since(header=None, mtime=0, size=0):
150 150
             raise ValueError
151 151
         matches = re.match(r"^([^;]+)(; length=([0-9]+))?$", header,
152 152
                            re.IGNORECASE)
153  
-        header_mtime = mktime_tz(parsedate_tz(matches.group(1)))
  153
+        header_date = parsedate_tz(matches.group(1))
  154
+        if header_date is None:
  155
+            raise ValueError
  156
+        header_mtime = mktime_tz(header_date)
154 157
         header_len = matches.group(3)
155 158
         if header_len and int(header_len) != size:
156 159
             raise ValueError
14  tests/regressiontests/views/tests/static.py
@@ -69,3 +69,17 @@ def test_invalid_if_modified_since(self):
69 69
         self.assertEquals(len(response.content),
70 70
                           int(response['Content-Length']))
71 71
 
  72
+    def test_invalid_if_modified_since2(self):
  73
+        """Handle even more bogus If-Modified-Since values gracefully
  74
+
  75
+        Assume that a file is modified since an invalid timestamp as per RFC
  76
+        2616, section 14.25.
  77
+        """
  78
+        file_name = 'file.txt'
  79
+        invalid_date = ': 1291108438, Wed, 20 Oct 2010 14:05:00 GMT'
  80
+        response = self.client.get('/views/site_media/%s' % file_name,
  81
+                                   HTTP_IF_MODIFIED_SINCE=invalid_date)
  82
+        file = open(path.join(media_dir, file_name))
  83
+        self.assertEquals(file.read(), response.content)
  84
+        self.assertEquals(len(response.content),
  85
+                          int(response['Content-Length']))

0 notes on commit 0714b0f

Please sign in to comment.
Something went wrong with that request. Please try again.