Malformed query string becomes part of request.path
|Reported by:||mkai||Owned by:||nobody|
|Severity:||Normal||Keywords:||query string, query_string, malformed|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
I've been seeing some requests from crawlers to URLs like this lately:
Django parses this into

    request.path == "/page/&a=y&b=y"
    request.META["QUERY_STRING"] == ""
What I'd like to see is for e.g. CommonMiddleware to fix this malformed query string by replacing the first '&' with a '?', so that

    request.path == '/page/'
    request.META["QUERY_STRING"] == "a=y&b=y"
This caused some 404s for my site, so I made the following piece of middleware to work around it:
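    from django.http import HttpResponsePermanentRedirect

    class MalformedQueryStringMiddleware(object):
        def process_request(self, request):
            if '&' in request.path:
                # '&' left over from a malformed query string
                url = request.path.replace('&', '?', 1)
                query = request.META.get('QUERY_STRING', '')
                if query:  # avoid a trailing '&' when there is no real query string
                    url = '%s&%s' % (url, query)
                return HttpResponsePermanentRedirect(url)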
Do you think Django should do that by itself?
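An added example, not part of the original ticket and not Django code: a framework-free version of the rewrite described above that works on the raw, still percent-encoded request path, so an encoded `%26` is left alone, and that refuses paths a browser would resolve as another host when they are placed in a `Location` header. The function name `redirect_target` and all sample paths are constructed for illustration.

```python
def redirect_target(raw_path, query_string=""):
    """Return the corrected URL to redirect to, or None if no rewrite applies.

    Hypothetical helper. raw_path is assumed to be the request path exactly as
    received (percent-encoded, without the query string).
    """
    # Only a literal '&' marks a misplaced query string; '%26' stays encoded
    # in the raw path and therefore never matches here.
    if "&" not in raw_path:
        return None

    # A Location of "//host/..." or "/\host/..." is treated by browsers as a
    # scheme-relative URL to another host, so never redirect to such a path.
    if not raw_path.startswith("/") or raw_path.startswith(("//", "/\\")):
        return None

    fixed_path, _, misplaced = raw_path.partition("&")

    # Join the misplaced parameters with any real query string, skipping
    # empty pieces so the result never ends in '?' or '&'.
    parts = [p for p in (misplaced, query_string) if p]
    if not parts:
        return fixed_path
    return fixed_path + "?" + "&".join(parts)


if __name__ == "__main__":
    # Constructed sample requests: (raw path, query string)
    samples = [
        ("/page/&a=y&b=y", ""),
        ("/page/&a=y", "c=1"),
        ("/page/a%26b/", ""),
        ("//example.invalid/&a=y", ""),
        ("/page/&", ""),
    ]
    for path, query in samples:
        print(repr(path), repr(query), "->", redirect_target(path, query))
```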