Opened 6 years ago
Closed 6 years ago
#30852 closed Bug (duplicate)
Technical 500 page's ExceptionReporter may crash when given a POST payload with an invalid boundary
| Reported by: | Keryn Knight | Owned by: | |
|---|---|---|---|
| Component: | Error reporting | Version: | 2.2 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Saw this on IRC yesterday, recording it as it's unlikely the user will now do so; I've sanitised the paths referenced in the traceback, but the user was on Windows using Python 3.7 - they were trying to send an AJAX request with a file attachment via FormData, but were getting it wrong...
File ".../django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File ".../django/utils/deprecation.py", line 94, in __call__
response = response or self.get_response(request)
File ".../django/core/handlers/exception.py", line 36, in inner
response = response_for_exception(request, exc)
File ".../django/core/handlers/exception.py", line 90, in response_for_exception
response = handle_uncaught_exception(request, get_resolver(get_urlconf()), sys.exc_info())
File ".../django/core/handlers/exception.py", line 125, in handle_uncaught_exception
return debug.technical_500_response(request, *exc_info)
File ".../django/views/debug.py", line 94, in technical_500_response
html = reporter.get_traceback_html()
File ".../django/views/debug.py", line 333, in get_traceback_html
c = Context(self.get_traceback_data(), use_l10n=False)
File ".../django/views/debug.py", line 305, in get_traceback_data
'filtered_POST_items': list(self.filter.get_post_parameters(self.request).items()),
File ".../django/views/debug.py", line 177, in get_post_parameters
return request.POST
File ".../django/core/handlers/wsgi.py", line 110, in _get_post
self._load_post_and_files()
File ".../django/http/request.py", line 315, in _load_post_and_files
self._post, self._files = self.parse_file_upload(self.META, data)
File ".../django/http/request.py", line 274, in parse_file_upload
parser = MultiPartParser(META, post_data, self.upload_handlers, self.encoding)
File ".../django/http/multipartparser.py", line 72, in __init__
raise MultiPartParserError('Invalid boundary in multipart: %s' % boundary.decode())
AttributeError: 'NoneType' object has no attribute 'decode'
Ultimately, parse_file_upload is intended to be allowed to raise MultiPartParserError which is then re-raised, but MultiPartParserError probably shouldn't be encountered when trying to render the debug page itself, so get_post_parameters perhaps ought to handle exceptions which may occur from accessing request.POST (for the first time? not sure)
Note:
See TracTickets
for help on using tickets.
Hi Keryn. Thank you for the report!
This is a Duplicate of #30227.