id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15785	HttpRequest.read(NUM_BYTES) can read beyond the end of wsgi.input stream.  (Violation of WSGI spec & under-defined behaviour)	Tom Christie	Tom Christie	"Okay, this is the underlying cause behind #15762 and #15763.
I've marked those as duplicates of this ticket.

Please see discussion on this bug here: https://groups.google.com/forum/#!topic/django-developers/VG1ueWTSs_g

The problem is now that HttpRequest exposes a read() method, user code can do something like:

{{{
request_content = json.load(request)
}}}

at the moment that will:

* break the wsgi spec, as the client app is contracted not to attempt to read more than CONTENT-LENGTH bytes from wsgi.input
* result in under-defined behaviour, although it appears to work right now.
* break when used in the test client, as per #15762

I've attached a patch with tests for this issue, which:

* Changes WSGIRequest._stream to be a property that is (always) instantiated as a !LimitedStream when first accessed.
* Removes some redundant code in !HttpRequest and !MultiPartParser.
* Fixes some minor bugs in tests/regressiontests/requests/tests.py
* Adds two tests for !MultiPartParser to check graceful behaviour on truncated or empty multipart requests.
* Adds a test for !TestClient request.read(LARGE_BUFFER) behaviour.
"	Bug	closed	HTTP handling	1.3-rc	Normal	fixed	http, wsgi	Maniac@… Tom Christie	Ready for checkin	1	0	0	0	0	0