Refs #36520 -- Ensured only the header value is passed to parse_header_parameters for multipart requests.

Header parsing should apply only to the header value. The previous implementation happened to work but relied on unintended behavior.
2025-10-29 00:26:07 +00:00 · 2025-08-20 16:04:48 +01:00
parent c93dddf659
commit 41ff30f6f9
2 changed files with 31 additions and 4 deletions
--- a/tests/requests_tests/tests.py
+++ b/tests/requests_tests/tests.py
@@ -450,6 +450,34 @@ class RequestsTests(SimpleTestCase):
        with self.assertRaises(RawPostDataException):
            request.body

+    def test_malformed_multipart_header(self):
+        for header in [
+            'Content-Disposition : form-data; name="name"',
+            'Content-Disposition:form-data; name="name"',
+            'Content-Disposition :form-data; name="name"',
+        ]:
+            with self.subTest(header):
+                payload = FakePayload(
+                    "\r\n".join(
+                        [
+                            "--boundary",
+                            header,
+                            "",
+                            "value",
+                            "--boundary--",
+                        ]
+                    )
+                )
+                request = WSGIRequest(
+                    {
+                        "REQUEST_METHOD": "POST",
+                        "CONTENT_TYPE": "multipart/form-data; boundary=boundary",
+                        "CONTENT_LENGTH": len(payload),
+                        "wsgi.input": payload,
+                    }
+                )
+                self.assertEqual(request.POST, {"name": ["value"]})
+
    def test_body_after_POST_multipart_related(self):
        """
        Reading body after parsing multipart that isn't form-data is allowed