Opened 10 years ago

Closed 9 years ago

#18553 closed Bug (duplicate)

Django multipart parser creates mutable QueryDict

Reported by: k_bx Owned by: fred
Component: HTTP handling Version: 1.4
Severity: Normal Keywords:
Cc: k_bx, fred Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


When you send multipart request (which, unfortunately, is sent every time your testclient does POST-request ), your view will get request.POST to be QueryDict with request.POST._mutable == True.

This caused me to write test that passes (sends POST-request and modifies request.POST in view), but production that fails.

Change History (5)

comment:1 Changed 10 years ago by k_bx

Cc: k_bx added

comment:2 Changed 10 years ago by Luke Plant

Triage Stage: UnreviewedAccepted

I haven't tested, but it sounds plausible.

comment:3 Changed 9 years ago by Aymeric Augustin

Component: UncategorizedHTTP handling
Type: UncategorizedBug

comment:4 Changed 9 years ago by fred

Cc: fred added
Owner: changed from nobody to fred
Status: newassigned

I can confirm the following behavior in 1.7.dev20130628193320, using the following view:

from django.views.decorators.csrf import csrf_exempt
from django.views.generic import View
from django.http import HttpResponse

class IndexView(View):
    def post(self, request):                                                                                                                                                                                
        return HttpResponse(bool(request.POST._mutable))

    def dispatch(self, *args, **kwargs):
        return super(IndexView, self).dispatch(*args, **kwargs)

The behavior is as follows:

  • When this view is called with a POST of type application/x-www-form-urlencoded, it returns "False" (the POST is immutable).
  • When this view is called with a POST of type multipart/form-data POST, it returns "True".
  • Likewise, when calling the view through'/view'), it returns "True". This confirms that the bug may lead to code that passes tests and fails in production.

I'd like to further look into this issue.

Last edited 9 years ago by fred (previous) (diff)

comment:5 Changed 9 years ago by Claude Paroz

Resolution: duplicate
Status: assignedclosed

Duplicate of #17235

Note: See TracTickets for help on using tickets.
Back to Top