Changes between Version 1 and Version 5 of Ticket #36931
- Timestamp:
- Feb 16, 2026, 7:58:32 PM (3 weeks ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #36931 – Description
v1 v5 1 When a multipart form upload includes an RFC 2231 encoded `filename*` parameter with an invalid encoding name (e.g., `filename*=BOGUS''test%20file.txt`), [ parse_header_parameters()](https://github.com/django/django/blob/main/django/utils/http.py#L332), [django/utils/http.py](https://github.com/django/django/blob/main/django/utils/http.py)passes the encoding to `urllib.parse.unquote()`, which raises `LookupError`.1 When a multipart form upload includes an RFC 2231 encoded `filename*` parameter with an invalid encoding name (e.g., `filename*=BOGUS''test%20file.txt`), [[https://github.com/django/django/blob/main/django/utils/http.py#L332|parse_header_parameters()]], [[https://github.com/django/django/blob/main/django/utils/http.py|django/utils/http.py]] passes the encoding to `urllib.parse.unquote()`, which raises `LookupError`. 2 2 3 The caller in [ django/http/multipartparser.py](https://github.com/django/django/blob/main/django/http/multipartparser.py#L729)only catches `ValueError`:3 The caller in [[https://github.com/django/django/blob/main/django/http/multipartparser.py#L729|django/http/multipartparser.py]] only catches `ValueError`: 4 4 5 5 {{{#!python