Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#15679 closed (fixed)

POST data handling bug

Reported by: vkryachko Owned by: nobody
Component: HTTP handling Version: master
Severity: Keywords: regression
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: yes
Easy pickings: UI/UX:

Description

django.http.HttpRequest._load_post_and_files() has a bug, which was introduced after 1.2. The problem is that POST does not get populated if request.raw_post_data has been accessed before it.

To reproduce it:

def my_view(request,*args,**kwargs):
    raw_post = request.raw_post_data
    post = request.POST # post is an empty QueryDict

I think he problem here is in this condition http://code.djangoproject.com/browser/django/trunk/django/http/__init__.py#L265 , which to me makes sense only in multipart request.

I've attached a patch to fix it.

Attachments (1)

patch.diff (769 bytes) - added by vkryachko 4 years ago.

Download all attachments as: .zip

Change History (4)

Changed 4 years ago by vkryachko

comment:1 Changed 4 years ago by lukeplant

  • Has patch set
  • Keywords regression added
  • Needs documentation unset
  • Needs tests set
  • Patch needs improvement set
  • Triage Stage changed from Unreviewed to Accepted

Accepted. I think the correct fix is something more like replacing:

    if self._read_started:

with

    if self._read_started and not hasattr(self, '_raw_post_data'):

in _load_post_and_files.

However, this still has a bug in that method if:

  1. raw_post_data is accessed
  2. the stream is then accessed by some code, causing the StringIO to be (partially) used.
  3. _load_post_and_files is then accessed, which calls parse_file_upload with a (partially) used source of data.

comment:2 Changed 4 years ago by lukeplant

  • Resolution set to fixed
  • Status changed from new to closed

In [15938]:

Fixed #15679 - regression in HttpRequest.POST and raw_post_data access.

Thanks to vkryachko for the report.

This also fixes a slight inconsistency with raw_post_data after parsing of a
multipart request, and adds a test for that. (Previously accessing
raw_post_data would have returned the empty string rather than raising an
Exception).

comment:3 Changed 4 years ago by lukeplant

In [15939]:

[1.3.X] Fixed #15679 - regression in HttpRequest.POST and raw_post_data access.

Thanks to vkryachko for the report.

This also fixes a slight inconsistency with raw_post_data after parsing of a
multipart request, and adds a test for that. (Previously accessing
raw_post_data would have returned the empty string rather than raising an
Exception).

Backport of [15938] from trunk.

Note: See TracTickets for help on using tickets.
Back to Top