1
0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00

[1.8.x] Fixed #24209 -- Prevented crash when parsing malformed RFC 2231 headers

Thanks Tom Christie for the report and review.
Backport of ac650d02cb from master.
This commit is contained in:
Raul Cumplido
2015-01-24 12:14:30 +00:00
committed by Claude Paroz
parent 29fa0e3c66
commit 7cc1b4710e
2 changed files with 19 additions and 1 deletions

View File

@@ -643,7 +643,8 @@ def parse_header(line):
# Lang/encoding embedded in the value (like "filename*=UTF-8''file.ext")
# http://tools.ietf.org/html/rfc2231#section-4
name = name[:-1]
has_encoding = True
if p.count(b"'") == 2:
has_encoding = True
value = p[i + 1:].strip()
if has_encoding:
encoding, lang, value = value.split(b"'")

View File

@@ -584,3 +584,20 @@ class MultiParserTests(unittest.TestCase):
for raw_line, expected_title in test_data:
parsed = parse_header(raw_line)
self.assertEqual(parsed[1]['title'], expected_title)
def test_rfc2231_wrong_title(self):
"""
Test wrongly formatted RFC 2231 headers (missing double single quotes).
Parsing should not crash (#24209).
"""
test_data = (
(b"Content-Type: application/x-stuff; title*='This%20is%20%2A%2A%2Afun%2A%2A%2A",
b"'This%20is%20%2A%2A%2Afun%2A%2A%2A"),
(b"Content-Type: application/x-stuff; title*='foo.html",
b"'foo.html"),
(b"Content-Type: application/x-stuff; title*=bar.html",
b"bar.html"),
)
for raw_line, expected_title in test_data:
parsed = parse_header(raw_line)
self.assertEqual(parsed[1]['title'], expected_title)