mirror of
https://github.com/django/django.git
synced 2024-12-23 01:25:58 +00:00
Fixed #24209 -- Prevented crash when parsing malformed RFC 2231 headers
Thanks Tom Christie for the report and review.
This commit is contained in:
parent
332139d23d
commit
ac650d02cb
@ -643,7 +643,8 @@ def parse_header(line):
|
||||
# Lang/encoding embedded in the value (like "filename*=UTF-8''file.ext")
|
||||
# http://tools.ietf.org/html/rfc2231#section-4
|
||||
name = name[:-1]
|
||||
has_encoding = True
|
||||
if p.count(b"'") == 2:
|
||||
has_encoding = True
|
||||
value = p[i + 1:].strip()
|
||||
if has_encoding:
|
||||
encoding, lang, value = value.split(b"'")
|
||||
|
@ -584,3 +584,20 @@ class MultiParserTests(unittest.TestCase):
|
||||
for raw_line, expected_title in test_data:
|
||||
parsed = parse_header(raw_line)
|
||||
self.assertEqual(parsed[1]['title'], expected_title)
|
||||
|
||||
def test_rfc2231_wrong_title(self):
|
||||
"""
|
||||
Test wrongly formatted RFC 2231 headers (missing double single quotes).
|
||||
Parsing should not crash (#24209).
|
||||
"""
|
||||
test_data = (
|
||||
(b"Content-Type: application/x-stuff; title*='This%20is%20%2A%2A%2Afun%2A%2A%2A",
|
||||
b"'This%20is%20%2A%2A%2Afun%2A%2A%2A"),
|
||||
(b"Content-Type: application/x-stuff; title*='foo.html",
|
||||
b"'foo.html"),
|
||||
(b"Content-Type: application/x-stuff; title*=bar.html",
|
||||
b"bar.html"),
|
||||
)
|
||||
for raw_line, expected_title in test_data:
|
||||
parsed = parse_header(raw_line)
|
||||
self.assertEqual(parsed[1]['title'], expected_title)
|
||||
|
Loading…
Reference in New Issue
Block a user