Opened 3 years ago

Closed 18 months ago

#18553 closed Bug (duplicate)

Django multipart parser creates mutable QueryDict

Reported by: k_bx Owned by: fred
Component: HTTP handling Version: 1.4
Severity: Normal Keywords:
Cc: k_bx, fred Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


When you send a multipart request (which, unfortunately, is sent every time your test client does a POST request), your view will get request.POST as a QueryDict with request.POST._mutable == True.

This caused me to write a test that passes (sends a POST request and modifies request.POST in the view), but production code that fails.

Change History (5)

comment:1 Changed 3 years ago by k_bx

  • Cc k_bx added
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 3 years ago by lukeplant

  • Triage Stage changed from Unreviewed to Accepted

I haven't tested, but it sounds plausible.

comment:3 Changed 2 years ago by aaugustin

  • Component changed from Uncategorized to HTTP handling
  • Type changed from Uncategorized to Bug

comment:4 Changed 21 months ago by fred

  • Cc fred added
  • Owner changed from nobody to fred
  • Status changed from new to assigned

I can confirm the following behavior in 1.7.dev20130628193320, using the following view:

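from django.http import HttpResponse
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt
from django.views.generic import View

class IndexView(View):
    def post(self, request):
        # Report whether the parsed POST data is mutable.
        return HttpResponse(bool(request.POST._mutable))

    # csrf_exempt lets the view accept POSTs that carry no CSRF token.
    @method_decorator(csrf_exempt)
    def dispatch(self, *args, **kwargs):
        return super(IndexView, self).dispatch(*args, **kwargs)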

The behavior is as follows:

  • When this view is called with a POST of type application/x-www-form-urlencoded, it returns "False" (the POST is immutable).
  • When this view is called with a POST of type multipart/form-data, it returns "True".
  • Likewise, when calling the view through'/view'), it returns "True". This confirms that the bug may lead to code that passes tests and fails in production.

I'd like to further look into this issue.

Last edited 21 months ago by fred

comment:5 Changed 18 months ago by claudep

  • Resolution set to duplicate
  • Status changed from assigned to closed

Duplicate of #17235
