#5611: modpython handler should check content-type before parsing post body
-----------------------+----------------------------------------------------
Reporter: paulegan | Owner: nobody
Status: new | Component: HTTP handling
Version: SVN | Keywords: modpython
Stage: Unreviewed | Has_patch: 1
-----------------------+----------------------------------------------------
The modpython handler currently tries to parse the request body as
`application/x-www-form-urlencoded` regardless of the actual content type.
This leads to an exception being thrown if the content is not parseable.
See attached patch for suggested strict checking of request content-type.
=== Example ===
{{{
echo -e '\0' | curl -v --data-binary @- http://localhost/
}}}
Throws:
{{{
Traceback (most recent call last):
File "/usr/lib64/python2.5/site-packages/mod_python/importer.py", line
1537, in HandlerDispatch
default=default_handler, arg=req, silent=hlist.silent)
File "/usr/lib64/python2.5/site-packages/mod_python/importer.py", line
1229, in _process_target
result = _execute_target(config, req, object, arg)
File "/usr/lib64/python2.5/site-packages/mod_python/importer.py", line
1128, in _execute_target
result = object(arg)
File "/usr/lib/python2.5/site-
packages/django/core/handlers/modpython.py", line 181, in handler
return ModPythonHandler()(req)
File "/usr/lib/python2.5/site-
packages/django/core/handlers/modpython.py", line 154, in __call__
response = self.get_response(request)
File "/usr/lib/python2.5/site-packages/django/core/handlers/base.py",
line 53, in get_response
response = self._real_get_response(request)
File "/usr/lib/python2.5/site-packages/django/core/handlers/base.py",
line 63, in _real_get_response
response = middleware_method(request)
File
"/home/paul/work/site/trunk/bydesign/middleware/hotshot_profiler.py", line
13, in process_request
if settings.DEBUG and request.has_key('prof'):
File "/usr/lib/python2.5/site-packages/django/http/__init__.py", line
43, in has_key
return key in self.GET or key in self.POST
File "/usr/lib/python2.5/site-
packages/django/core/handlers/modpython.py", line 73, in _get_post
self._load_post_and_files()
File "/usr/lib/python2.5/site-
packages/django/core/handlers/modpython.py", line 56, in
_load_post_and_files
self._post, self._files = http.QueryDict(self.raw_post_data,
encoding=self._encoding), datastructures.MultiValueDict()
File "/usr/lib/python2.5/site-packages/django/http/__init__.py", line
148, in __init__
for key, value in parse_qsl((query_string or ''), True): #
keep_blank_values=True
TypeError: argument 1 must be string without null bytes, not str
}}}
--
Ticket URL: <http://code.djangoproject.com/ticket/5611>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
