Context Navigation

← Previous Ticket
Next Ticket →

#21282 closed Bug (fixed)

The serialize_headers method of HttpResponse fails to handle latin1-compatible values

Reported by:	Raphaël Barrois	Owned by:	nobody
Component:	HTTP handling	Version:	1.4
Severity:	Normal	Keywords:	http header encoding
Cc:		Triage Stage:	Accepted
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

If a header value (passed as unicode) contains only ascii data, serialize_headers() doesn't fail
If it contains characters that can't be encoded in latin1, serialize_headers() doesn't fail
If it contains only characters valid in latin1, including some outside the ascii range, serialize_headers() fails with a UnicodeDecodeError.

The culprit seems to lie on line 132 of django/http/response.py: that line calls ('%s: %s' % (key, value)).encode('us-ascii'), but at this point, key is ascii bytes and value is a bytes array containing either latin1-encoded text or mime-encoded utf8 text.

Since we're using unicode_literals, Python tries value.decode('ascii'), which fails if, and only if, value contains latin1 characters outside the ascii range.

I have attached a patch containing both a test exhibiting the issue and a patch fixing it (no test failure).

Note: This is not a release blocker, since the serialize_headers() and its callers (serialize() and __str__()) aren't used while answering requests.

Attachments (2)

fix_ticket_21282_httpresponse_serialize.patch (1.5 KB ) - added by Raphaël Barrois 11 years ago.: Test and fix for HttpResponse.serialize_headers() bug.
21282-2.diff (1.9 KB ) - added by Claude Paroz 11 years ago.: py3 compatible version

Download all attachments as: .zip

Change History (7)

by Raphaël Barrois, 11 years ago

Attachment:	fix_ticket_21282_httpresponse_serialize.patch added

Test and fix for HttpResponse.serialize_headers() bug.

comment:1 by Raphaël Barrois, 11 years ago

The test suite passes with the proposed patch:

Ran 5906 tests in 201.214s

OK (skipped=348, expected failures=11)

comment:2 by Claude Paroz, 11 years ago

Triage Stage:	Unreviewed → Accepted

by Claude Paroz, 11 years ago

Attachment:	21282-2.diff added

py3 compatible version

comment:3 by Claude Paroz, 11 years ago

I've attached a slightly different patch, Python 3 compatible. Aymeric's review mandatory!

comment:4 by Claude Paroz <claude@…>, 11 years ago

Resolution:	→ fixed
Status:	new → closed

In a14f08723304be27e851c753a68c8200473a9ca1:

Fixed #21282 -- Made HttpResponse.serialize_headers accept latin-1

Thanks Raphaël Barrois for the report and the initial patch and
Aymeric Augustin for the review.

comment:5 by Claude Paroz <claude@…>, 11 years ago

In b2f9c74ed1cd246022ab52d239eeb33f950dcc70:

[1.6.x] Fixed #21282 -- Made HttpResponse.serialize_headers accept latin-1

Thanks Raphaël Barrois for the report and the initial patch and
Aymeric Augustin for the review.

Backport of a14f087233 from master.

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues