Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#15679 closed (fixed)

POST data handling bug

Reported by: vkryachko Owned by: nobody
Component: HTTP handling Version: dev
Severity: Keywords: regression
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

django.http.HttpRequest._load_post_and_files() has a bug, which was introduced after 1.2. The problem is that POST does not get populated if request.raw_post_data has been accessed before it.

To reproduce it:

def my_view(request,*args,**kwargs):
    raw_post = request.raw_post_data
    post = request.POST # post is an empty QueryDict

I think he problem here is in this condition http://code.djangoproject.com/browser/django/trunk/django/http/__init__.py#L265 , which to me makes sense only in multipart request.

I've attached a patch to fix it.

Attachments (1)

patch.diff (769 bytes ) - added by vkryachko 13 years ago.

Download all attachments as: .zip

Change History (4)

by vkryachko, 13 years ago

Attachment: patch.diff added

comment:1 by Luke Plant, 13 years ago

Has patch: set
Keywords: regression added
Needs tests: set
Patch needs improvement: set
Triage Stage: UnreviewedAccepted

Accepted. I think the correct fix is something more like replacing:

    if self._read_started:

with

    if self._read_started and not hasattr(self, '_raw_post_data'):

in _load_post_and_files.

However, this still has a bug in that method if:

  1. raw_post_data is accessed
  2. the stream is then accessed by some code, causing the StringIO to be (partially) used.
  3. _load_post_and_files is then accessed, which calls parse_file_upload with a (partially) used source of data.

comment:2 by Luke Plant, 13 years ago

Resolution: fixed
Status: newclosed

In [15938]:

Fixed #15679 - regression in HttpRequest.POST and raw_post_data access.

Thanks to vkryachko for the report.

This also fixes a slight inconsistency with raw_post_data after parsing of a
multipart request, and adds a test for that. (Previously accessing
raw_post_data would have returned the empty string rather than raising an
Exception).

comment:3 by Luke Plant, 13 years ago

In [15939]:

[1.3.X] Fixed #15679 - regression in HttpRequest.POST and raw_post_data access.

Thanks to vkryachko for the report.

This also fixes a slight inconsistency with raw_post_data after parsing of a
multipart request, and adds a test for that. (Previously accessing
raw_post_data would have returned the empty string rather than raising an
Exception).

Backport of [15938] from trunk.

Note: See TracTickets for help on using tickets.
Back to Top