Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #20356 -- Prevented crash when HTTP_REFERER contains non-ascii

Thanks srusskih for the report and Aymeric Augustin for the review.
  • Loading branch information...
commit 8fd44b2551b9cca765b216a31306f9c6935f1492 1 parent 051cb1f
Claude Paroz claudep authored
Showing with 11 additions and 2 deletions.
  1. +2 −1  django/middleware/common.py
  2. +9 −1 tests/middleware/tests.py
3  django/middleware/common.py
View
@@ -7,6 +7,7 @@
from django.core.mail import mail_managers
from django.core import urlresolvers
from django import http
+from django.utils.encoding import force_text
from django.utils.http import urlquote
from django.utils import six
@@ -140,7 +141,7 @@ def process_response(self, request, response):
if response.status_code == 404 and not settings.DEBUG:
domain = request.get_host()
path = request.get_full_path()
- referer = request.META.get('HTTP_REFERER', '')
+ referer = force_text(request.META.get('HTTP_REFERER', ''), errors='replace')
is_internal = self.is_internal_request(domain, referer)
is_not_search_engine = '?' not in referer
is_ignorable = self.is_ignorable_404(path)
10 tests/middleware/tests.py
View
@@ -22,7 +22,7 @@
from django.utils import six
from django.utils.encoding import force_str
from django.utils.six.moves import xrange
-from django.utils.unittest import expectedFailure
+from django.utils.unittest import expectedFailure, skipIf
from transactions.tests import IgnorePendingDeprecationWarningsMixin
@@ -320,6 +320,14 @@ def test_404_error_reporting_ignored_url(self):
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
self.assertEqual(len(mail.outbox), 0)
+ @skipIf(six.PY3, "HTTP_REFERER is str type on Python 3")
+ def test_404_error_nonascii_referrer(self):
+ # Such referer strings should not happen, but anyway, if it happens,
+ # let's not crash
+ self.req.META['HTTP_REFERER'] = b'http://testserver/c/\xd0\xbb\xd0\xb8/'
+ BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
+ self.assertEqual(len(mail.outbox), 1)
+
class ConditionalGetMiddlewareTest(TestCase):
urls = 'middleware.cond_get_urls'
Please sign in to comment.
Something went wrong with that request. Please try again.