Opened 2 years ago

Closed 2 years ago

#26669 closed Bug (worksforme)

UnicodeDecodeError with non-ASCII string in 'Content-Type' header

Reported by: karech Owned by: nobody
Component: HTTP handling Version: 1.8
Severity: Normal Keywords: UnicodeDecodeError request META CONTENT_TYPE Content-Type
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

If someone sends POST request with headers containing non-ASCII value for 'Content-Type', then django raises UnicodeDecodeError.

Traceback (most recent call last):
  File "/usr/lib/python2.7/wsgiref/handlers.py", line 85, in run
    self.result = application(self.environ, self.start_response)
  File "/usr/lib/python2.7/site-packages/django/contrib/staticfiles/handlers.py", line 63, in __call__
    return self.application(environ, start_response)
  File "/usr/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 189, in __call__
    response = self.get_response(request)
  File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 218, in get_response
    response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
  File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 261, in handle_uncaught_exception
    return debug.technical_500_response(request, *exc_info)
  File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 97, in technical_500_response
    html = reporter.get_traceback_html()
  File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 383, in get_traceback_html
    c = Context(self.get_traceback_data(), use_l10n=False)
  File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 328, in get_traceback_data
    frames = self.get_traceback_frames()
  File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 501, in get_traceback_frames
    'vars': self.filter.get_traceback_frame_variables(self.request, tb.tb_frame),
  File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 234, in get_traceback_frame_variables
    cleansed[name] = self.cleanse_special_types(request, value)
  File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 191, in cleanse_special_types
    value = self.get_request_repr(value)
  File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 122, in get_request_repr
    return build_request_repr(request, POST_override=self.get_post_parameters(request))
  File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 186, in get_post_parameters
    return request.POST
  File "/usr/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 137, in _get_post
    self._load_post_and_files()
  File "/usr/lib/python2.7/site-packages/django/http/request.py", line 253, in _load_post_and_files
    if self.META.get('CONTENT_TYPE', '').startswith('multipart/form-data'):
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 0: ordinal not in range(128)

How reproduce:

import requests

url = 'http://somesite.com/view_with_post_method'
headers = {'Content-Type': b'\xf0'}
requests.post(url, headers=headers)

Change History (1)

comment:1 Changed 2 years ago by Tim Graham

Resolution: worksforme
Status: newclosed

Perhaps there's something missing in the report but I can't reproduce a crash. Perhaps you could provide a test for Django's test suite instead?

Note: See TracTickets for help on using tickets.
Back to Top