Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #15152 -- Avoided crash of CommonMiddleware on broken querystring

  • Loading branch information...
commit 973f539ab83bb46645f2f711190735c66a246797 1 parent 3e98d98
Aymeric Augustin aaugustin authored
13 django/middleware/common.py
@@ -6,6 +6,7 @@
6 6 from django import http
7 7 from django.core.mail import mail_managers
8 8 from django.utils.http import urlquote
  9 +from django.utils import six
9 10 from django.core import urlresolvers
10 11
11 12
@@ -87,7 +88,17 @@ def process_request(self, request):
87 88 else:
88 89 newurl = urlquote(new_url[1])
89 90 if request.META.get('QUERY_STRING', ''):
90   - newurl += '?' + request.META['QUERY_STRING']
  91 + if six.PY3:
  92 + newurl += '?' + request.META['QUERY_STRING']
  93 + else:
  94 + # `query_string` is a bytestring. Appending it to the unicode
  95 + # string `newurl` will fail if it isn't ASCII-only. This isn't
  96 + # allowed; only broken software generates such query strings.
  97 + # Better drop the invalid query string than crash (#15152).
  98 + try:
  99 + newurl += '?' + request.META['QUERY_STRING'].decode()
  100 + except UnicodeDecodeError:
  101 + pass
91 102 return http.HttpResponsePermanentRedirect(newurl)
92 103
93 104 def process_response(self, request, response):
9 tests/regressiontests/middleware/tests.py
@@ -294,6 +294,15 @@ def test_404_error_reporting_ignored_url(self):
294 294 CommonMiddleware().process_response(request, response)
295 295 self.assertEqual(len(mail.outbox), 0)
296 296
  297 + # Other tests
  298 +
  299 + def test_non_ascii_query_string_does_not_crash(self):
  300 + """Regression test for #15152"""
  301 + request = self._get_request('slash')
  302 + request.META['QUERY_STRING'] = 'drink=café'
  303 + response = CommonMiddleware().process_request(request)
  304 + self.assertEqual(response.status_code, 301)
  305 +
297 306
298 307 class ConditionalGetMiddlewareTest(TestCase):
299 308 urls = 'regressiontests.middleware.cond_get_urls'

0 comments on commit 973f539

Please sign in to comment.
Something went wrong with that request. Please try again.