
Ensure that request body is read before trying to match xsrf cookie

commit ac7b77eaf7156d3d27f9852eaa09108f48e35fad 1 parent cfb73ed
Jacob authored

Showing 1 changed file with 17 additions and 17 deletions. Show diff stats Hide diff stats

  1. +17 17 tornado/web.py
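--- a/tornado/web.py
+++ b/tornado/web.py
@@ -975,31 +975,31 @@ def _execute(self, transforms, *args, **kwargs):
 try:
 if self.request.method not in self.SUPPORTED_METHODS:
 raise HTTPError(405)
+# read and parse the request body, if not disabled
+exec_req_cb = lambda: self._execute_request(*args, **kwargs)
+if (getattr(self, '_read_body', True) and
+hasattr(self.request, 'content_length')):
+self.request._read_body(exec_req_cb)
+else:
+exec_req_cb()
+except Exception, e:
+self._handle_request_exception(e)
+
+def _execute_request(self, *args, **kwargs):
+try:
 # If XSRF cookies are turned on, reject form submissions without
 # the proper cookie
-if self.request.method not in ("GET", "HEAD", "OPTIONS") and \
-self.application.settings.get("xsrf_cookies"):
+if (self.request.method not in ("GET", "HEAD", "OPTIONS") and
+self.application.settings.get("xsrf_cookies")):
 self.check_xsrf_cookie()
 self.prepare()
 if not self._finished:
 args = [self.decode_argument(arg) for arg in args]
 kwargs = dict((k, self.decode_argument(v, name=k))
 for (k,v) in kwargs.iteritems())
-# read and parse the request body, if not disabled
-exec_req_cb = lambda: self._execute_request(*args, **kwargs)
-if (getattr(self, '_read_body', True) and
-hasattr(self.request, 'content_length')):
-self.request._read_body(exec_req_cb)
-else:
-exec_req_cb()
-except Exception, e:
-self._handle_request_exception(e)
-
-def _execute_request(self, *args, **kwargs):
-try:
-getattr(self, self.request.method.lower())(*args, **kwargs)
-if self._auto_finish and not self._finished:
-self.finish()
+getattr(self, self.request.method.lower())(*args, **kwargs)
+if self._auto_finish and not self._finished:
+self.finish()
 except Exception, e:
 self._handle_request_exception(e)
 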
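Review bot: With the body read moved to the top of `_execute`, `self.request._read_body(exec_req_cb)` now runs before both `check_xsrf_cookie()` and `prepare()`, so a request that is about to be rejected for a missing token (or by any access check a handler performs in `prepare()`) has its whole body read and parsed first. Neither `_read_body` nor any size limit is visible in this hunk, so it is worth confirming that the body length is capped before this point is reached. The new order also means a handler can no longer switch the read off by setting `self._read_body` inside `prepare()`; the attribute has to be in place before `_execute` is called. I would record both constraints on the new block, e.g. `# Body must be parsed before check_xsrf_cookie() runs; set _read_body on the class, not in prepare().` `_execute` begins above the hunk, so anything it does before the `try:` is not covered here.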
