Opened 16 years ago

Closed 16 years ago

Last modified 16 years ago

#9224 closed (fixed)

request.get_full_path() raise string encoding error when user submit a non-ascii url.

Reported by: flytwokites Owned by: nobody
Component: HTTP handling Version: 1.0
Severity: Keywords: get_full_path
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

When a user try submit a url with utf-8 characters like "http://www.django.com/submit/?url=xxx&title=中文字符", and app uses request.get_full_path(), an error will raise, and admins will receive a 500 error email.
In modpython, the implementation code is:

    def get_full_path(self):
        return '%s%s' % (self.path, self._req.args and ('?' + self._req.args) or '')

and currently i fix it use this code:

def get_full_path(self):
    from django.utils.encoding import iri_to_uri
    return '%s%s' % (smart_str(self.path), self._req.args and ('?' + iri_to_uri(self._req.args)) or '')

Change History (3)

comment:1 by Malcolm Tredinnick, 16 years ago

Next time, please submit a patch file, rather than pasting the diff into the body of the description.

After testing this and checking the specs (in particular, RFC 3986), the problem only occurs when an invalid URI is used. URI's are required to percent encode all data outside the US-ASCII range, which is why this isn't normally a problem. Still, since crashing is bad, the fix is worthwhile.

comment:2 by Malcolm Tredinnick, 16 years ago

Resolution: fixed
Status: newclosed

Fixed in r9189.

comment:3 by Malcolm Tredinnick, 16 years ago

(In [9190]) [1.0.X] Fixed #9224 -- Prevent a crash when certain query strings are sent using
modpython.

Backport of r9189 from trunk.

Note: See TracTickets for help on using tickets.
Back to Top