HTTP POST Dictionary should not be populated unconditionally
|Reported by:||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When Django creates an HttpRequest object, it appears to populate the POST property by creating a QueryDict using the contents of the POST entity body unless the Content-Type header begins with "multipart" (in which case it attempts to process a file upload). This behavior produces a garbage POST dictionary if the contents of the entity body are arbitrary binary data. The populating of the POST QueryDict should be skipped unless the Content-Type specifies such processing (such as for URL-encoded form data). It should not perform this processing, for example, if the Content-Type is application/octet-stream.