Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #16201 -- Ensure that requests with Content-Length=0 don't brea…

…k the multipart parser. Thanks to albsen for the report and patch

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16353 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 9e952be26f7d26a90b06a05d3948283943320b7a 1 parent 046ffa4
Russell Keith-Magee authored June 10, 2011
7  django/http/multipartparser.py
@@ -75,7 +75,7 @@ def __init__(self, META, input_data, upload_handlers, encoding=None):
75 75
             # For now set it to 0; we'll try again later on down.
76 76
             content_length = 0
77 77
 
78  
-        if content_length <= 0:
  78
+        if content_length < 0:
79 79
             # This means we shouldn't continue...raise an error.
80 80
             raise MultiPartParserError("Invalid content length: %r" % content_length)
81 81
 
@@ -105,6 +105,11 @@ def parse(self):
105 105
         encoding = self._encoding
106 106
         handlers = self._upload_handlers
107 107
 
  108
+        # HTTP spec says that Content-Length >= 0 is valid
  109
+        # handling content-length == 0 before continuing
  110
+        if self._content_length == 0:
  111
+            return QueryDict(MultiValueDict(), encoding=self._encoding), MultiValueDict()
  112
+
108 113
         limited_input_data = LimitBytes(self._input_data, self._content_length)
109 114
 
110 115
         # See if the handler will want to take care of the parsing.
21  tests/regressiontests/requests/tests.py
@@ -239,6 +239,27 @@ def test_raw_post_data_after_POST_multipart(self):
239 239
         self.assertEqual(request.POST, {u'name': [u'value']})
240 240
         self.assertRaises(Exception, lambda: request.raw_post_data)
241 241
 
  242
+    def test_POST_multipart_with_content_length_zero(self):
  243
+        """
  244
+        Multipart POST requests with Content-Length >= 0 are valid and need to be handled.
  245
+        """
  246
+        # According to:
  247
+        # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13
  248
+        # Every request.POST with Content-Length >= 0 is a valid request,
  249
+        # this test ensures that we handle Content-Length == 0.
  250
+        payload = "\r\n".join([
  251
+                '--boundary',
  252
+                'Content-Disposition: form-data; name="name"',
  253
+                '',
  254
+                'value',
  255
+                '--boundary--'
  256
+                ''])
  257
+        request = WSGIRequest({'REQUEST_METHOD': 'POST',
  258
+                               'CONTENT_TYPE': 'multipart/form-data; boundary=boundary',
  259
+                               'CONTENT_LENGTH': 0,
  260
+                               'wsgi.input': StringIO(payload)})
  261
+        self.assertEqual(request.POST, {})
  262
+
242 263
     def test_read_by_lines(self):
243 264
         request = WSGIRequest({'REQUEST_METHOD': 'POST', 'wsgi.input': StringIO('name=value')})
244 265
         self.assertEqual(list(request), ['name=value'])

0 notes on commit 9e952be

Please sign in to comment.
Something went wrong with that request. Please try again.