Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#19081 closed Bug (duplicate)

Non-ASCII query string aren't decoded properly

Reported by: aaugustin Owned by: aaugustin
Component: HTTP handling Version: master
Severity: Release blocker Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description (last modified by aaugustin)

In [fcc8de05] I enabled unicode_literals in django.core.servers.basehttp.

This turns environ['QUERY_STRING'] into a unicode string, which later on prevents correct decoding in QueryDict.

A quick'n'dirty, Python 2 only fix is:

diff --git a/django/core/servers/basehttp.py b/django/core/servers/basehttp.py
index 19b287a..af8f2a0 100644
--- a/django/core/servers/basehttp.py
+++ b/django/core/servers/basehttp.py
@@ -144,9 +144,9 @@ class WSGIRequestHandler(simple_server.WSGIRequestHandler, object):
         env['SERVER_PROTOCOL'] = self.request_version
         env['REQUEST_METHOD'] = self.command
         if '?' in self.path:
-            path,query = self.path.split('?',1)
+            path, query = self.path.split(b'?', 1)
         else:
-            path,query = self.path,''
+            path, query = self.path, b''
 
         env['PATH_INFO'] = unquote(path)
         env['QUERY_STRING'] = query

An audit of this module seems necessary. It may even be extended to django.core.servers.

Change History (3)

comment:1 Changed 3 years ago by aaugustin

  • Description modified (diff)
  • Patch needs improvement set

comment:2 Changed 3 years ago by aaugustin

This module starts with a comment that states:

Based on wsgiref.simple_server which is part of the standard library since 2.5.

If this code was copy-pasted into Django for compatibility with Python < 2.5, and we didn't alter it significantly, we should consider switching to the classes provided by wsgiref.

Version 0, edited 3 years ago by aaugustin (next)

comment:3 Changed 3 years ago by claudep

  • Resolution set to duplicate
  • Status changed from new to closed

I think it's a duplicate of #19075, where i suggested another patch. If it is not correct, I think the test case can be kept.

Note: See TracTickets for help on using tickets.
Back to Top