Code

Opened 9 years ago

Closed 7 years ago

#613 closed enhancement (wontfix)

prevent raw_post_data parsing on defined view functions

Reported by: hugo Owned by: adrian
Component: Core (Other) Version:
Severity: minor Keywords:
Cc: Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description (last modified by hugo)

There should be a way to prevent parsing of POST data for some view functions. This would be usefull for example for view functions that do their own POST parsing, like some view function that parses XMLRPC requests or some other special format. Currently access to POST (either the dict as a whole or some variable in it) will instantiate the QueryDict for the post data and so parse the post raw data - even if it isn't a valid POST query string. That would put high load on the machine if the POST data is rather large - think of a XMLRPC API where ImageField content is transported as base64 data ...

Django currently parses the POST data lazily, but middlware might try to access POST on a request and trigger parsing, even though the function itself never touches POST. So this would be more kind of a safety net.

A idea on how to do it: a decorator that registers a view function into some global dictionary and then a check in BaseHandler.get_response wether the discovered view function is in that global dictionary and if yes, switch the request to a don't-parse-POST state (that needs to be checked in the _get_post property getters in both the WSGRequest and the ModPythonRequest).

Attachments (0)

Change History (4)

comment:1 Changed 9 years ago by hugo

  • Description modified (diff)

comment:2 Changed 8 years ago by adrian

  • priority changed from normal to lowest
  • Severity changed from normal to minor

comment:3 Changed 7 years ago by Gary Wilson <gary.wilson@…>

  • Triage Stage changed from Unreviewed to Design decision needed

comment:4 Changed 7 years ago by jacob

  • Resolution set to wontfix
  • Status changed from new to closed

As long as you don't access request.POST for parsing, it'll never get parsed. Middleware shouldn't look at request.POST, so that's not really a concern (that is, if middleware *does* hit request.POST, it's a bug).

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.