1
0
mirror of https://github.com/django/django.git synced 2025-10-25 14:46:09 +00:00

Fixed #16201 -- Ensure that requests with Content-Length=0 don't break the multipart parser. Thanks to albsen for the report and patch

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16353 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Russell Keith-Magee
2011-06-10 08:39:38 +00:00
parent 046ffa483e
commit 9e952be26f
2 changed files with 27 additions and 1 deletions

View File

@@ -75,7 +75,7 @@ class MultiPartParser(object):
# For now set it to 0; we'll try again later on down. # For now set it to 0; we'll try again later on down.
content_length = 0 content_length = 0
if content_length <= 0: if content_length < 0:
# This means we shouldn't continue...raise an error. # This means we shouldn't continue...raise an error.
raise MultiPartParserError("Invalid content length: %r" % content_length) raise MultiPartParserError("Invalid content length: %r" % content_length)
@@ -105,6 +105,11 @@ class MultiPartParser(object):
encoding = self._encoding encoding = self._encoding
handlers = self._upload_handlers handlers = self._upload_handlers
# HTTP spec says that Content-Length >= 0 is valid
# handling content-length == 0 before continuing
if self._content_length == 0:
return QueryDict(MultiValueDict(), encoding=self._encoding), MultiValueDict()
limited_input_data = LimitBytes(self._input_data, self._content_length) limited_input_data = LimitBytes(self._input_data, self._content_length)
# See if the handler will want to take care of the parsing. # See if the handler will want to take care of the parsing.

View File

@@ -239,6 +239,27 @@ class RequestsTests(unittest.TestCase):
self.assertEqual(request.POST, {u'name': [u'value']}) self.assertEqual(request.POST, {u'name': [u'value']})
self.assertRaises(Exception, lambda: request.raw_post_data) self.assertRaises(Exception, lambda: request.raw_post_data)
def test_POST_multipart_with_content_length_zero(self):
"""
Multipart POST requests with Content-Length >= 0 are valid and need to be handled.
"""
# According to:
# http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13
# Every request.POST with Content-Length >= 0 is a valid request,
# this test ensures that we handle Content-Length == 0.
payload = "\r\n".join([
'--boundary',
'Content-Disposition: form-data; name="name"',
'',
'value',
'--boundary--'
''])
request = WSGIRequest({'REQUEST_METHOD': 'POST',
'CONTENT_TYPE': 'multipart/form-data; boundary=boundary',
'CONTENT_LENGTH': 0,
'wsgi.input': StringIO(payload)})
self.assertEqual(request.POST, {})
def test_read_by_lines(self): def test_read_by_lines(self):
request = WSGIRequest({'REQUEST_METHOD': 'POST', 'wsgi.input': StringIO('name=value')}) request = WSGIRequest({'REQUEST_METHOD': 'POST', 'wsgi.input': StringIO('name=value')})
self.assertEqual(list(request), ['name=value']) self.assertEqual(list(request), ['name=value'])