
Fixed #15152 -- Avoided crash of CommonMiddleware on broken querystring

1 parent 3e98d98 commit 973f539ab83bb46645f2f711190735c66a246797 @aaugustin aaugustin committed Nov 3, 2012
Showing with 21 additions and 1 deletion.
  1. +12 −1 django/middleware/common.py
  2. +9 −0 tests/regressiontests/middleware/tests.py
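--- a/django/middleware/common.py
+++ b/django/middleware/common.py
@@ -6,6 +6,7 @@
 from django import http
 from django.core.mail import mail_managers
 from django.utils.http import urlquote
+from django.utils import six
 from django.core import urlresolvers
@@ -87,7 +88,17 @@ def process_request(self, request):
 else:
 newurl = urlquote(new_url[1])
 if request.META.get('QUERY_STRING', ''):
- newurl += '?' + request.META['QUERY_STRING']
+ if six.PY3:
+ newurl += '?' + request.META['QUERY_STRING']
+ else:
+ # `query_string` is a bytestring. Appending it to the unicode
+ # string `newurl` will fail if it isn't ASCII-only. This isn't
+ # allowed; only broken software generates such query strings.
+ # Better drop the invalid query string than crash (#15152).
+ try:
+ newurl += '?' + request.META['QUERY_STRING'].decode()
+ except UnicodeDecodeError:
+ pass
 return http.HttpResponsePermanentRedirect(newurl)
 def process_response(self, request, response):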
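Review bot: The `except UnicodeDecodeError: pass` branch in process_request drops a non-ASCII query string without leaving any trace, so a redirect that silently lost its parameters cannot be told apart from a normal one when someone later reads the logs. A warning-level log entry in that branch (request path only, not the raw bytes) would make malformed requests visible to whoever monitors the site. The bare `.decode()` also relies on the interpreter's default codec; `request.META['QUERY_STRING'].decode('ascii')` would state the ASCII-only intent that the comment describes. The comment names `query_string`, but the code reads `request.META['QUERY_STRING']` directly, so the comment should use the same name. The body of process_request starts outside this hunk.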
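--- a/tests/regressiontests/middleware/tests.py
+++ b/tests/regressiontests/middleware/tests.py
@@ -294,6 +294,15 @@ def test_404_error_reporting_ignored_url(self):
 CommonMiddleware().process_response(request, response)
 self.assertEqual(len(mail.outbox), 0)
+ # Other tests
+
+ def test_non_ascii_query_string_does_not_crash(self):
+ """Regression test for #15152"""
+ request = self._get_request('slash')
+ request.META['QUERY_STRING'] = 'drink=café'
+ response = CommonMiddleware().process_request(request)
+ self.assertEqual(response.status_code, 301)
+
 class ConditionalGetMiddlewareTest(TestCase):
 urls = 'regressiontests.middleware.cond_get_urls'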
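Review bot: test_non_ascii_query_string_does_not_crash asserts only `response.status_code`, so it would still pass if the redirect target were mangled or the broken query string ended up in it. An extra assertion on `response['Location']` would pin what the client is actually sent; judging from the middleware change in this commit, the expected value presumably differs between Python 2 (query string dropped) and Python 3 (appended unchanged). Whether `'drink=café'` is a bytestring on Python 2 depends on whether this module enables `unicode_literals`, which is not visible here; if it does, the literal may not exercise the bytestring decode path, and a comment such as `# QUERY_STRING must be a native bytestring on Python 2 to reach the decode branch` would record that requirement. The enclosing test class starts outside this hunk.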
