Code

Opened 21 months ago

Closed 21 months ago

Last modified 21 months ago

#19081 closed Bug (duplicate)

Non-ASCII query string aren't decoded properly

Reported by: aaugustin Owned by: aaugustin
Component: HTTP handling Version: master
Severity: Release blocker Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description (last modified by aaugustin)

In [fcc8de05] I enabled unicode_literals in django.core.servers.basehttp.

This turns environ['QUERY_STRING'] into a unicode string, which later on prevents correct decoding in QueryDict.

A quick'n'dirty, Python 2 only fix is:

diff --git a/django/core/servers/basehttp.py b/django/core/servers/basehttp.py
index 19b287a..af8f2a0 100644
--- a/django/core/servers/basehttp.py
+++ b/django/core/servers/basehttp.py
@@ -144,9 +144,9 @@ class WSGIRequestHandler(simple_server.WSGIRequestHandler, object):
         env['SERVER_PROTOCOL'] = self.request_version
         env['REQUEST_METHOD'] = self.command
         if '?' in self.path:
-            path,query = self.path.split('?',1)
+            path, query = self.path.split(b'?', 1)
         else:
-            path,query = self.path,''
+            path, query = self.path, b''
 
         env['PATH_INFO'] = unquote(path)
         env['QUERY_STRING'] = query

An audit of this module seems necessary. It may even be extended to django.core.servers.

Attachments (0)

Change History (3)

comment:1 Changed 21 months ago by aaugustin

  • Description modified (diff)
  • Patch needs improvement set

comment:2 Changed 21 months ago by aaugustin

This module starts with a comment that states:

Based on wsgiref.simple_server which is part of the standard library since 2.5.

If this code was copy-pasted into Django for compatibility with Python < 2.5, and we didn't alter it significantly, we should consider switching to the classes provided by wsgiref.

After discussing this with Florian on IRC, we'd like to try to compare the current code with the 2.6 and 2.7 stdlib, and switch to the stdlib wherever possible, subclassing if necessary. Thus we'll benefit from a correct WSGI implementation both under Python 2 and 3.

Last edited 21 months ago by aaugustin (previous) (diff)

comment:3 Changed 21 months ago by claudep

  • Resolution set to duplicate
  • Status changed from new to closed

I think it's a duplicate of #19075, where i suggested another patch. If it is not correct, I think the test case can be kept.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.