
Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3.

Thanks mitsuhiko for the report.

Non-ASCII values are supported. Non-ASCII keys still aren't, because the
current parser mangles them. That's another bug.
commit 8aaca651cf5732bbf395d24a7d9f2edfab00250c 1 parent ae7f9af
Aymeric Augustin authored
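--- a/django/core/handlers/wsgi.py
+++ b/django/core/handlers/wsgi.py
@@ -136,7 +136,8 @@ def _get_request(self):
     def _get_get(self):
         if not hasattr(self, '_get'):
             # The WSGI spec says 'QUERY_STRING' may be absent.
-            self._get = http.QueryDict(self.environ.get('QUERY_STRING', ''), encoding=self._encoding)
+            raw_query_string = get_bytes_from_wsgi(self.environ, 'QUERY_STRING', '')
+            self._get = http.QueryDict(raw_query_string, encoding=self._encoding)
         return self._get
 
     def _set_get(self, get):
@@ -152,7 +153,8 @@ def _set_post(self, post):
 
     def _get_cookies(self):
         if not hasattr(self, '_cookies'):
-            self._cookies = http.parse_cookie(self.environ.get('HTTP_COOKIE', ''))
+            raw_cookie = get_str_from_wsgi(self.environ, 'HTTP_COOKIE', '')
+            self._cookies = http.parse_cookie(raw_cookie)
         return self._cookies
 
     def _set_cookies(self, cookies):
@@ -265,3 +267,15 @@ def get_bytes_from_wsgi(environ, key, default):
     # decoded with ISO-8859-1. This is wrong for Django websites where UTF-8
     # is the default. Re-encode to recover the original bytestring.
     return value if six.PY2 else value.encode(ISO_8859_1)
+
+
+def get_str_from_wsgi(environ, key, default):
+    """
+    Get a value from the WSGI environ dictionary as bytes.
+
+    key and default should be str objects. Under Python 2 they may also be
+    unicode objects provided they only contain ASCII characters.
+    """
+    value = environ.get(str(key), str(default))
+    # Same comment as above
+    return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8)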
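Review bot: The strict `.decode(UTF_8)` in the added `get_str_from_wsgi` raises UnicodeDecodeError on Python 3 whenever the Cookie header carries bytes that are not valid UTF-8, and that header is entirely client-controlled. Nothing in the `_get_cookies` hunk catches it, so a single malformed cookie would presumably turn every access to `request.COOKIES` into an unhandled error rather than a dropped or sanitised value. Decoding leniently keeps the request alive: `return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8, 'replace')`. The docstring is also copied from `get_bytes_from_wsgi` and still says "as bytes"; it should read `Get a value from the WSGI environ dictionary as str.`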
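--- a/tests/handlers/tests.py
+++ b/tests/handlers/tests.py
@@ -1,8 +1,11 @@
-from django.core.handlers.wsgi import WSGIHandler
+from __future__ import unicode_literals
+
+from django.core.handlers.wsgi import WSGIHandler, WSGIRequest
 from django.core.signals import request_started, request_finished
 from django.db import close_old_connections, connection
 from django.test import RequestFactory, TestCase, TransactionTestCase
 from django.test.utils import override_settings
+from django.utils import six
 
 
 class HandlerTests(TestCase):
@@ -30,11 +33,19 @@ def test_lock_safety(self):
     def test_bad_path_info(self):
         """Tests for bug #15672 ('request' referenced before assignment)"""
         environ = RequestFactory().get('/').environ
-        environ['PATH_INFO'] = '\xed'
+        environ['PATH_INFO'] = b'\xed' if six.PY2 else '\xed'
         handler = WSGIHandler()
         response = handler(environ, lambda *a, **k: None)
         self.assertEqual(response.status_code, 400)
 
+    def test_non_ascii_cookie(self):
+        """Test that non-ASCII cookies set in JavaScript are properly decoded (#20557)."""
+        environ = RequestFactory().get('/').environ
+        raw_cookie = 'want="café"'.encode('utf-8')
+        environ['HTTP_COOKIE'] = raw_cookie if six.PY2 else raw_cookie.decode('iso-8859-1')
+        request = WSGIRequest(environ)
+        self.assertEqual(request.COOKIES['want'], "café")
+
 
 class TransactionsPerRequestTests(TransactionTestCase):
 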
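Review bot: On Python 2 the assertion in `test_non_ascii_cookie` compares against a unicode literal, because this commit enables `unicode_literals` at the top of the file, while `get_str_from_wsgi` returns the environ value unchanged on that branch; unless `parse_cookie` (not shown here) decodes it, the cookie value is the UTF-8 byte string and the comparison fails. Stating the expectation per version avoids that: `expected = 'café'.encode('utf-8') if six.PY2 else 'café'`, then `self.assertEqual(request.COOKIES['want'], expected)`. The test also covers only well-formed UTF-8. A second case setting `environ['HTTP_COOKIE'] = b'want="\xff"' if six.PY2 else 'want="\xff"'` would pin what `request.COOKIES` does when the header bytes are not valid UTF-8.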
