Opened 4 years ago

Closed 4 years ago

#31293 closed Cleanup/optimization (fixed)

MultiPartParser support double quotes

Reported by: 007 Owned by: 007
Component: HTTP handling Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Although the rfc2231 document does not indicate that values can be wrapped in double quotes. However, some third-party tools wrap the value in double quotation marks when wrapping HTTP requests (such as the filename of the file uploaded by PostmanCanary). This results in double quotes for the filename at the end of Django parsing.

Postman request body:

----------------------------677822685948106391633425
Content-Disposition: form-data; name="file"; filename="测试.txt"; filename*="UTF-8''%E6%B5%8B%E8%AF%95.txt"
Content-Type: text/plain

test
----------------------------677822685948106391633425--

django got filename is 测试.txt" not 测试.txt

This is not a bug of Django. But I suggest Django do some compatibility processing.

CPython is also compatible with this situation.
https://hg.python.org/cpython/file/default/Lib/test/test_email/test_headerregistry.py

https://github.com/django/django/pull/12485

Change History (7)

comment:1 by 007, 4 years ago

Owner: changed from nobody to 007
Status: newassigned

comment:2 by 007, 4 years ago

Has patch: set

comment:3 by Carlton Gibson, 4 years ago

Triage Stage: UnreviewedAccepted

Thanks for the report. First glance at the PR looks reasonable.

comment:4 by Carlton Gibson, 4 years ago

Triage Stage: AcceptedReady for checkin

PR looks correct. Thank you.

comment:5 by Carlton Gibson, 4 years ago

Triage Stage: Ready for checkinAccepted

GitHub is momentarily dying on me. I have small edits to push. I will try again later.

comment:6 by Carlton Gibson, 4 years ago

Triage Stage: AcceptedReady for checkin

comment:7 by Mariusz Felisiak <felisiak.mariusz@…>, 4 years ago

Resolution: fixed
Status: assignedclosed

In e65fea92:

Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers.

Note: See TracTickets for help on using tickets.
Back to Top