Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#19081 closed Bug (duplicate)

Non-ASCII query string aren't decoded properly

Reported by: Aymeric Augustin Owned by: Aymeric Augustin
Component: HTTP handling Version: master
Severity: Release blocker Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description (last modified by Aymeric Augustin)

In [fcc8de05] I enabled unicode_literals in django.core.servers.basehttp.

This turns environ['QUERY_STRING'] into a unicode string, which later on prevents correct decoding in QueryDict.

A quick'n'dirty, Python 2 only fix is:

diff --git a/django/core/servers/basehttp.py b/django/core/servers/basehttp.py
index 19b287a..af8f2a0 100644
--- a/django/core/servers/basehttp.py
+++ b/django/core/servers/basehttp.py
@@ -144,9 +144,9 @@ class WSGIRequestHandler(simple_server.WSGIRequestHandler, object):
         env['SERVER_PROTOCOL'] = self.request_version
         env['REQUEST_METHOD'] = self.command
         if '?' in self.path:
-            path,query = self.path.split('?',1)
+            path, query = self.path.split(b'?', 1)
         else:
-            path,query = self.path,''
+            path, query = self.path, b''
 
         env['PATH_INFO'] = unquote(path)
         env['QUERY_STRING'] = query

An audit of this module seems necessary. It may even be extended to django.core.servers.

Change History (3)

comment:1 Changed 4 years ago by Aymeric Augustin

Description: modified (diff)
Patch needs improvement: set

comment:2 Changed 4 years ago by Aymeric Augustin

This module starts with a comment that states:

Based on wsgiref.simple_server which is part of the standard library since 2.5.

If this code was copy-pasted into Django for compatibility with Python < 2.5, and we didn't alter it significantly, we should consider switching to the classes provided by wsgiref.

Version 0, edited 4 years ago by Aymeric Augustin (next)

comment:3 Changed 4 years ago by Claude Paroz

Resolution: duplicate
Status: newclosed

I think it's a duplicate of #19075, where i suggested another patch. If it is not correct, I think the test case can be kept.

Note: See TracTickets for help on using tickets.
Back to Top