Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #14812 -- Made parsing of the If-Modified-Since HTTP header mor…

…e robust in presence of malformed values when serving static content. Thanks shaohua for the report, and alexey.smolsky@gmail.com for a similar report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14753 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 0714b0f39033a51e447bc1b3b03ffee6f9228105 1 parent e4b0a8f
@ramiro ramiro authored
View
5 django/contrib/staticfiles/views.py
@@ -150,7 +150,10 @@ def was_modified_since(header=None, mtime=0, size=0):
raise ValueError
matches = re.match(r"^([^;]+)(; length=([0-9]+))?$", header,
re.IGNORECASE)
- header_mtime = mktime_tz(parsedate_tz(matches.group(1)))
+ header_date = parsedate_tz(matches.group(1))
+ if header_date is None:
+ raise ValueError
+ header_mtime = mktime_tz(header_date)
header_len = matches.group(3)
if header_len and int(header_len) != size:
raise ValueError
View
14 tests/regressiontests/views/tests/static.py
@@ -69,3 +69,17 @@ def test_invalid_if_modified_since(self):
self.assertEquals(len(response.content),
int(response['Content-Length']))
+ def test_invalid_if_modified_since2(self):
+ """Handle even more bogus If-Modified-Since values gracefully
+
+ Assume that a file is modified since an invalid timestamp as per RFC
+ 2616, section 14.25.
+ """
+ file_name = 'file.txt'
+ invalid_date = ': 1291108438, Wed, 20 Oct 2010 14:05:00 GMT'
+ response = self.client.get('/views/site_media/%s' % file_name,
+ HTTP_IF_MODIFIED_SINCE=invalid_date)
+ file = open(path.join(media_dir, file_name))
+ self.assertEquals(file.read(), response.content)
+ self.assertEquals(len(response.content),
+ int(response['Content-Length']))
Please sign in to comment.
Something went wrong with that request. Please try again.