	Fixed #23638 -- Prevented crash while parsing invalid cookie content
Thanks Philip Gatt for the report and Tim Graham for the review.
		| @@ -263,4 +263,4 @@ def get_str_from_wsgi(environ, key, default): | |||||||
|     """ |     """ | ||||||
|     value = environ.get(str(key), str(default)) |     value = environ.get(str(key), str(default)) | ||||||
|     # Same comment as above |     # Same comment as above | ||||||
|     return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8) |     return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8, errors='replace') | ||||||
|   | |||||||
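Review bot: The `errors='replace'` added on the return line of get_str_from_wsgi is undocumented, and the only comment beside it, `# Same comment as above`, refers to text outside this hunk. The helper takes an arbitrary `key`, so every caller now receives a string in which invalid UTF-8 has been silently turned into U+FFFD, while the `six.PY2` branch still returns the raw value; the result is no longer a faithful copy of what the client sent. I would replace the comment with `# Invalid UTF-8 is replaced with U+FFFD instead of raising, so the result is lossy; do not compare it against the raw header.` The function's signature and docstring start above the hunk.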
| @@ -117,3 +117,6 @@ Bugfixes | |||||||
| * Fixed generic relations in ``ModelAdmin.list_filter`` (:ticket:`23616`). | * Fixed generic relations in ``ModelAdmin.list_filter`` (:ticket:`23616`). | ||||||
|  |  | ||||||
| * Restored RFC compliance for the SMTP backend on Python 3 (:ticket:`23063`). | * Restored RFC compliance for the SMTP backend on Python 3 (:ticket:`23063`). | ||||||
|  |  | ||||||
|  | * Fixed a crash while parsing cookies containing invalid content | ||||||
|  |   (:ticket:`23638`). | ||||||
|   | |||||||
| @@ -80,6 +80,16 @@ class HandlerTests(TestCase): | |||||||
|         # much more work than fixing #20557. Feel free to remove force_str()! |         # much more work than fixing #20557. Feel free to remove force_str()! | ||||||
|         self.assertEqual(request.COOKIES['want'], force_str("café")) |         self.assertEqual(request.COOKIES['want'], force_str("café")) | ||||||
|  |  | ||||||
|  |     def test_invalid_unicode_cookie(self): | ||||||
|  |         """ | ||||||
|  |         Invalid cookie content should result in an absent cookie, but not in a | ||||||
|  |         crash while trying to decode it (#23638). | ||||||
|  |         """ | ||||||
|  |         environ = RequestFactory().get('/').environ | ||||||
|  |         environ['HTTP_COOKIE'] = 'x=W\x03c(h]\x8e' | ||||||
|  |         request = WSGIRequest(environ) | ||||||
|  |         self.assertEqual(request.COOKIES, {}) | ||||||
|  |  | ||||||
|  |  | ||||||
| @override_settings(ROOT_URLCONF='handlers.urls') | @override_settings(ROOT_URLCONF='handlers.urls') | ||||||
| class TransactionsPerRequestTests(TransactionTestCase): | class TransactionsPerRequestTests(TransactionTestCase): | ||||||
|   | |||||||
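Review bot: test_invalid_unicode_cookie only covers a header whose single cookie is malformed, so it does not show what happens to well-formed cookies sent alongside it. The docstring promises "an absent cookie", but asserting `request.COOKIES == {}` on a one-cookie header cannot distinguish dropping the bad cookie from dropping the whole header, which matters for session cookies. I would add a second case such as `environ['HTTP_COOKIE'] = 'a=b; x=W\x03c(h]\x8e'` and assert whichever outcome is intended; a direct assertion that get_str_from_wsgi does not raise on this input may also be worth having. HandlerTests itself starts outside the hunk.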