Opened 3 years ago

Closed 22 months ago

#18553 closed Bug (duplicate)

Django multipart parser creates mutable QueryDict

Reported by: k_bx Owned by: fred
Component: HTTP handling Version: 1.4
Severity: Normal Keywords:
Cc: k_bx, fred Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

When you send multipart request (which, unfortunately, is sent every time your testclient does POST-request https://code.djangoproject.com/ticket/18552 ), your view will get request.POST to be QueryDict with request.POST._mutable == True.

This caused me to write test that passes (sends POST-request and modifies request.POST in view), but production that fails.

Change History (5)

comment:1 Changed 3 years ago by k_bx

  • Cc k_bx added
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 3 years ago by lukeplant

  • Triage Stage changed from Unreviewed to Accepted

I haven't tested, but it sounds plausible.

comment:3 Changed 2 years ago by aaugustin

  • Component changed from Uncategorized to HTTP handling
  • Type changed from Uncategorized to Bug

comment:4 Changed 2 years ago by fred

  • Cc fred added
  • Owner changed from nobody to fred
  • Status changed from new to assigned

I can confirm the following behavior in 1.7.dev20130628193320, using the following view:

from django.views.decorators.csrf import csrf_exempt
from django.views.generic import View
from django.http import HttpResponse


class IndexView(View):
    def post(self, request):                                                                                                                                                                                
        return HttpResponse(bool(request.POST._mutable))

    @csrf_exempt
    def dispatch(self, *args, **kwargs):
        return super(IndexView, self).dispatch(*args, **kwargs)

The behavior is as follows:

  • When this view is called with a POST of type application/x-www-form-urlencoded, it returns "False" (the POST is immutable).
  • When this view is called with a POST of type multipart/form-data POST, it returns "True".
  • Likewise, when calling the view through self.client.post('/view'), it returns "True". This confirms that the bug may lead to code that passes tests and fails in production.

I'd like to further look into this issue.

Last edited 2 years ago by fred (previous) (diff)

comment:5 Changed 22 months ago by claudep

  • Resolution set to duplicate
  • Status changed from assigned to closed

Duplicate of #17235

Note: See TracTickets for help on using tickets.
Back to Top