Code

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#9224 closed (fixed)

request.get_full_path() raise string encoding error when user submit a non-ascii url.

Reported by: flytwokites Owned by: nobody
Component: HTTP handling Version: 1.0
Severity: Keywords: get_full_path
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

When a user try submit a url with utf-8 characters like "http://www.django.com/submit/?url=xxx&title=中文字符", and app uses request.get_full_path(), an error will raise, and admins will receive a 500 error email.
In modpython, the implementation code is:

    def get_full_path(self):
        return '%s%s' % (self.path, self._req.args and ('?' + self._req.args) or '')

and currently i fix it use this code:

def get_full_path(self):
    from django.utils.encoding import iri_to_uri
    return '%s%s' % (smart_str(self.path), self._req.args and ('?' + iri_to_uri(self._req.args)) or '')

Attachments (0)

Change History (3)

comment:1 Changed 6 years ago by mtredinnick

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Next time, please submit a patch file, rather than pasting the diff into the body of the description.

After testing this and checking the specs (in particular, RFC 3986), the problem only occurs when an invalid URI is used. URI's are required to percent encode all data outside the US-ASCII range, which is why this isn't normally a problem. Still, since crashing is bad, the fix is worthwhile.

comment:2 Changed 6 years ago by mtredinnick

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in r9189.

comment:3 Changed 6 years ago by mtredinnick

(In [9190]) [1.0.X] Fixed #9224 -- Prevent a crash when certain query strings are sent using
modpython.

Backport of r9189 from trunk.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.