#9224 closed (fixed)
request.get_full_path() raise string encoding error when user submit a non-ascii url.
| Reported by: | flytwokites | Owned by: | nobody |
|---|---|---|---|
| Component: | HTTP handling | Version: | 1.0 |
| Severity: | Keywords: | get_full_path | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
When a user try submit a url with utf-8 characters like "http://www.django.com/submit/?url=xxx&title=中文字符", and app uses request.get_full_path(), an error will raise, and admins will receive a 500 error email.
In modpython, the implementation code is:
def get_full_path(self):
return '%s%s' % (self.path, self._req.args and ('?' + self._req.args) or '')
and currently i fix it use this code:
def get_full_path(self):
from django.utils.encoding import iri_to_uri
return '%s%s' % (smart_str(self.path), self._req.args and ('?' + iri_to_uri(self._req.args)) or '')
Note:
See TracTickets
for help on using tickets.
Next time, please submit a patch file, rather than pasting the diff into the body of the description.
After testing this and checking the specs (in particular, RFC 3986), the problem only occurs when an invalid URI is used. URI's are required to percent encode all data outside the US-ASCII range, which is why this isn't normally a problem. Still, since crashing is bad, the fix is worthwhile.