Opened 8 years ago
Closed 8 years ago
#27153 closed Cleanup/optimization (fixed)
HttpResponseBase should check for valid HTTP status code
Reported by: | Ryan Allen | Owned by: | nobody |
---|---|---|---|
Component: | HTTP handling | Version: | 1.10 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Currently, the HttpResponseBase class does not check for Type or Value Error on the HTTP status code. If a bad value such as a string is passed it, an exception is not thrown until it reaches:
File "django/http/utils.py", line 17, in conditional_content_removal if 100 <= response.status_code < 200 or response.status_code in (204, 304): TypeError: unorderable types: int() <= str()
Proposed fix:
- Valid status values in the form of a string should be coerced to an integer if possible.
- Integer values less than 100 or greater than 599 should also be rejected based on W3C Status Code Definitions RFC 2612
Change History (4)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
Easy pickings: | unset |
---|---|
Patch needs improvement: | set |
Triage Stage: | Unreviewed → Accepted |
comment:3 by , 8 years ago
Patch needs improvement: | unset |
---|---|
Triage Stage: | Accepted → Ready for checkin |
Note:
See TracTickets
for help on using tickets.
Github PR: https://github.com/django/django/pull/7165