Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#9224 closed (fixed)

request.get_full_path() raise string encoding error when user submit a non-ascii url.

Reported by: flytwokites Owned by: nobody
Component: HTTP handling Version: 1.0
Severity: Keywords: get_full_path
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


When a user try submit a url with utf-8 characters like "中文字符", and app uses request.get_full_path(), an error will raise, and admins will receive a 500 error email.
In modpython, the implementation code is:

    def get_full_path(self):
        return '%s%s' % (self.path, self._req.args and ('?' + self._req.args) or '')

and currently i fix it use this code:

def get_full_path(self):
    from django.utils.encoding import iri_to_uri
    return '%s%s' % (smart_str(self.path), self._req.args and ('?' + iri_to_uri(self._req.args)) or '')

Change History (3)

comment:1 Changed 10 years ago by Malcolm Tredinnick

Next time, please submit a patch file, rather than pasting the diff into the body of the description.

After testing this and checking the specs (in particular, RFC 3986), the problem only occurs when an invalid URI is used. URI's are required to percent encode all data outside the US-ASCII range, which is why this isn't normally a problem. Still, since crashing is bad, the fix is worthwhile.

comment:2 Changed 10 years ago by Malcolm Tredinnick

Resolution: fixed
Status: newclosed

Fixed in r9189.

comment:3 Changed 10 years ago by Malcolm Tredinnick

(In [9190]) [1.0.X] Fixed #9224 -- Prevent a crash when certain query strings are sent using

Backport of r9189 from trunk.

Note: See TracTickets for help on using tickets.
Back to Top